GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,561 advisories
vLLM vulnerable to remote code execution via transformers_utils/get_config
High
CVE-2025-66448
was published
for
vllm
(pip)
Dec 2, 2025
Keras Directory Traversal Vulnerability
High
CVE-2025-12060
was published
for
keras
(pip)
Dec 2, 2025
Cross-Site Request Forgery in sqlite-web
High
CVE-2021-23404
was published
for
sqlite-web
(pip)
Sep 9, 2021
Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
High
CVE-2025-64495
was published
for
open-webui
(npm)
Nov 7, 2025
Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
High
CVE-2025-62703
was published
for
fugue
(pip)
Nov 25, 2025
LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
High
CVE-2025-65106
was published
for
langchain-core
(pip)
Nov 20, 2025
vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
High
CVE-2025-62372
was published
for
vllm
(pip)
Nov 20, 2025
vLLM deserialization vulnerability leading to DoS and potential RCE
High
CVE-2025-62164
was published
for
vllm
(pip)
Nov 20, 2025
Arbitrary Code Execution in pdfminer.six via Crafted PDF Input
High
CVE-2025-64512
was published
for
pdfminer.six
(pip)
Nov 7, 2025
Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
High
CVE-2025-6176
was published
for
Scrapy
(pip)
Oct 31, 2025
Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc
High
GHSA-f83h-ghpp-7wcc
was published
for
pdfminer.six
(pip)
Nov 7, 2025
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
High
CVE-2025-64496
was published
for
open-webui
(npm)
Nov 7, 2025
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)
High
CVE-2025-64509
was published
for
bugsink
(pip)
Nov 13, 2025
ProTip!
Advisories are also available from the
GraphQL API