GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem:
All reviewed: 5,000+
Composer: 4,950
Erlang: 39
GitHub Actions: 38
Go: 2,603
Maven: 5,000+
npm: 4,250
NuGet: 755
pip: 4,013
Pub: 12
RubyGems: 953
Rust: 1,048
Swift: 45

Unreviewed advisories:
All unreviewed: 5,000+
1,649 advisories in the current listing (most recent first):
[Moderate] CVE-2025-62708: pypdf can exhaust RAM via manipulated LZWDecode streams. Published for pypdf (pip), Oct 22, 2025.
[Moderate] CVE-2025-62707: pypdf possibly loops infinitely when reading DCT inline images without EOF marker. Published for pypdf (pip), Oct 22, 2025.
[Moderate] GHSA-cq46-m9x9-j8w2: Scapy session loading vulnerable to arbitrary code execution via untrusted pickle deserialization. Published for scapy (pip), Oct 22, 2025.
[Moderate] CVE-2025-11844: Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function. Published for smolagents (pip), Oct 22, 2025.
[Moderate] CVE-2025-62607: Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL. Published for nautobot-ssot (pip), Oct 21, 2025.
[Moderate] CVE-2025-62528: Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description. Published for taguette (pip), Oct 20, 2025.
[Moderate] CVE-2025-11849: Mammoth is vulnerable to directory traversal. Published for Mammoth (Maven), Oct 17, 2025.
[Moderate] CVE-2025-62706: Authlib: JWE zip=DEF decompression bomb enables DoS. Published for authlib (pip), Oct 10, 2025.
[Moderate] CVE-2025-61912: python-ldap is vulnerable to improper encoding or escaping of output and improper null termination. Published for python-ldap (pip), Oct 10, 2025.
[Moderate] CVE-2025-61911: python-ldap has sanitization bypass in ldap.filter.escape_filter_chars. Published for python-ldap (pip), Oct 10, 2025.
[Moderate] CVE-2025-10281: BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver. Published for bbot (pip), Oct 9, 2025.
[Moderate] CVE-2025-61783: Python Social Auth - Django has unsafe account association. Published for social-auth-app-django (pip), Oct 9, 2025.
[Moderate] CVE-2025-61672: Synapse's invalid device keys degrade federation functionality. Published for matrix-synapse (pip), Oct 8, 2025.
[Moderate] CVE-2025-61620: vLLM: resource exhaustion (DoS) through malicious Jinja template in OpenAI-compatible server. Published for vllm (pip), Oct 7, 2025.
[Moderate] CVE-2025-61765: python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments. Published for python-socketio (pip), Oct 7, 2025.
[Moderate] CVE-2025-8917: clearml is vulnerable to path traversal through its `safe_extract` function. Published for clearml (pip), Oct 5, 2025.
[Moderate] CVE-2025-8406: ZenML is vulnerable to path traversal through its `PathMaterializer` class. Published for zenml (pip), Oct 5, 2025.
[Moderate] GHSA-xjv7-6w92-42r7: marimo vulnerable to proxy abuse of /mpl/{port}/. Published for marimo (pip), Oct 1, 2025.
[Moderate] CVE-2025-57275: SPDK is vulnerable to buffer overflow in the NVMe-oF target component. Published for spdk (pip), Oct 1, 2025.
[Moderate] CVE-2025-59940: mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders. Published for mkdocs-include-markdown-plugin (pip), Sep 29, 2025.
[Moderate] CVE-2025-54831: Apache Airflow: connection sensitive details exposed to users with READ permissions. Published for apache-airflow (pip), Sep 26, 2025.
[Moderate] CVE-2025-10952: ml-logger file handler allows reading arbitrary files. Published for ml-logger (pip), Sep 25, 2025.
[Moderate] CVE-2025-10951: ml-logger has path traversal in the file argument. Published for ml-logger (pip), Sep 25, 2025.
[Moderate] CVE-2025-55178: Llama Stack could potentially allow for remote code execution. Published for llama-stack (pip), Sep 24, 2025.
ProTip! Advisories are also available from the GraphQL API.