Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,877
Erlang
37
GitHub Actions
38
Go
2,536
Maven
5,000+
npm
4,192
NuGet
742
pip
3,971
Pub
12
RubyGems
947
Rust
1,030
Swift
39
Unreviewed advisories
All unreviewed
5,000+

317 advisories

Loading
JupyterLab LaTeX typesetter links did not enforce `noopener` attribute Low
CVE-2025-59842 was published for jupyterlab (pip) Sep 26, 2025
Yaniv-git krassowski
dlqqq
ml-logger deserialization vulnerability Low
CVE-2025-10950 was published for ml-logger (pip) Sep 25, 2025
Langchain-Chatchat has a Path Traversal vulnerability Low
CVE-2025-6853 was published for langchain-chatchat (pip) Jun 29, 2025
WebSSH Cross-site Scripting vulnerability Low
CVE-2025-7885 was published for webssh (pip) Jul 20, 2025
Fides has a Lack of Brute-Force Protections on Authentication Endpoints Low
CVE-2025-57815 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher daveqnet
Fides' Admin UI User Password Change Does Not Invalidate Current Session Low
CVE-2025-57766 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher adamsachs
daveqnet
Weblate has a long session expiry when verifying second factor Low
CVE-2025-58352 was published for Weblate (pip) Sep 4, 2025
nijel
MobSF Path Traversal in GET /download/<filename> using absolute filenames Low
CVE-2025-58161 was published for mobsf (pip) Sep 2, 2025
noname1337h1
Improper Privilege Management in djangorestframework-simplejwt Low
CVE-2024-22513 was published for djangorestframework-simplejwt (pip) Mar 16, 2024
r3kumar dmdhrumilmistry
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata Low
CVE-2025-55304 was published for Exiv2 (pip) Aug 29, 2025
gluck-pwn
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file Low
CVE-2025-54080 was published for Exiv2 (pip) Aug 29, 2025
dragonArthurX
Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module Low
CVE-2025-54364 was published for knack (pip) Aug 20, 2025 withdrawn
Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module Low
CVE-2025-54363 was published for knack (pip) Aug 20, 2025 withdrawn
Litestar has potential log injection in exception logging Low
GHSA-674p-xv2x-rf3g was published for litestar (pip) Aug 11, 2025
Cycloctane
MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput Low
CVE-2025-53011 was published for MaterialX (pip) Jul 31, 2025
suidpit TheZ3ro
ndaprela smaury
MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return Low
CVE-2025-53010 was published for MaterialX (pip) Jul 31, 2025
suidpit TheZ3ro
ndaprela smaury
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization Low
CVE-2025-50460 was published for ms-swift (pip) Jul 31, 2025
Anchor0221
Weblate exposes personal IP address via e-mail Low
CVE-2025-49134 was published for weblate (pip) Jun 16, 2025
amCap1712 nijel
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions Low
CVE-2024-53947 was published for apache-superset (pip) Dec 9, 2024
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections Low
CVE-2025-53643 was published for aiohttp (pip) Jul 14, 2025
JeppW
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data Low
CVE-2024-50378 was published for apache-airflow (pip) Nov 8, 2024
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization Low
CVE-2025-6279 was published for upsonic (pip) Jun 19, 2025
Upsonic is vulnerable to Path Traversal attack through its os.path.join function Low
CVE-2025-6278 was published for upsonic (pip) Jun 19, 2025
Transformers's Improper Input Validation vulnerability can be exploited through username injection Low
CVE-2025-3777 was published for transformers (pip) Jul 7, 2025
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache Low
CVE-2025-25183 was published for vllm (pip) Feb 6, 2025
kexinoh russellb
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database