GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,680
Maven: 5,000+
npm: 4,308
NuGet: 760
pip: 4,081
Pub: 12
RubyGems: 958
Rust: 1,061
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
4,081 advisories
OpenStack's Mistral Client has a local file inclusion vulnerability
Moderate | CVE-2021-4472 was published for python-mistralclient (pip) | Nov 26, 2025

Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Critical | CVE-2025-62593 was published for ray (pip) | Nov 26, 2025

Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
High | CVE-2025-62703 was published for fugue (pip) | Nov 25, 2025

OMERO.web uses jquery-form library, which may be vulnerable to XSS attack
Low | GHSA-j4gv-6x9v-v23g was published for omero-web (pip) | Nov 24, 2025

pypdf's LZWDecode streams be manipulated to exhaust RAM
Moderate | CVE-2025-66019 was published for pypdf (pip) | Nov 24, 2025

Keylime allows users to register new agents by recycling existing UUIDs when using different TPM devices
High | CVE-2025-13609 was published for keylime (pip) | Nov 24, 2025

MLX has Wild Pointer Dereference in load_gguf()
Moderate | CVE-2025-62609 was published for mlx (pip) | Nov 21, 2025

MLX has heap-buffer-overflow in load()
Moderate | CVE-2025-62608 was published for mlx (pip) | Nov 21, 2025

vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
Moderate | CVE-2025-62426 was published for vllm (pip) | Nov 20, 2025

vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
High | CVE-2025-62372 was published for vllm (pip) | Nov 20, 2025

vLLM deserialization vulnerability leading to DoS and potential RCE
High | CVE-2025-62164 was published for vllm (pip) | Nov 20, 2025

LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
High | CVE-2025-65106 was published for langchain-core (pip) | Nov 20, 2025

Modular Max Serve has Unsafe Deserialization vulnerability
Critical | CVE-2025-60455 was published for modular (pip) | Nov 18, 2025

joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
Critical | CVE-2025-65015 was published for joserfc (pip) | Nov 18, 2025

OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.
High | CVE-2025-65073 was published for keystone (pip) | Nov 17, 2025

AstrBot is vulnerable to RCE with hard-coded JWT signing keys
Critical | CVE-2025-55449 was published for astrbot (pip) | Nov 14, 2025

AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance
High | CVE-2025-12967 was published for aws_advanced_python_wrapper (pip) | Nov 13, 2025

pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode
Critical | CVE-2025-12762 was published for pgadmin4 (pip) | Nov 13, 2025

pgAdmin 4 has command injection vulnerability on Windows systems
Moderate | CVE-2025-12763 was published for pgadmin4 (pip) | Nov 13, 2025

pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification
High | CVE-2025-12765 was published for pgadmin4 (pip) | Nov 13, 2025

pgAdmin is affected by an LDAP injection vulnerability
High | CVE-2025-12764 was published for pgadmin4 (pip) | Nov 13, 2025

Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)
High | CVE-2025-64509 was published for bugsink (pip) | Nov 13, 2025

Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input
High | CVE-2025-64508 was published for bugsink (pip) | Nov 13, 2025

changedetection.io: Stored XSS in Watch update via API
Low | CVE-2025-62780 was published for changedetection.io (pip) | Nov 12, 2025

Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc
High | GHSA-f83h-ghpp-7wcc was published for pdfminer.six (pip) | Nov 7, 2025

ProTip! Advisories are also available from the GraphQL API