GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,678 advisories
Werkzeug safe_join() allows Windows special device names
Moderate
CVE-2025-66221
was published
for
werkzeug
(pip)
Dec 2, 2025
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
Moderate
CVE-2025-66034
was published
for
fonttools
(pip)
Dec 1, 2025
Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
Moderate
CVE-2025-1945
was published
for
picklescan
(pip)
Mar 10, 2025
Zip Exploit Crashes Picklescan But Not PyTorch
Moderate
CVE-2025-1944
was published
for
picklescan
(pip)
Mar 10, 2025
pypdf's LZWDecode streams be manipulated to exhaust RAM
Moderate
CVE-2025-66019
was published
for
pypdf
(pip)
Nov 24, 2025
MLX has Wild Pointer Dereference in load_gguf()
Moderate
CVE-2025-62609
was published
for
mlx
(pip)
Nov 21, 2025
MLX has heap-buffer-overflow in load()
Moderate
CVE-2025-62608
was published
for
mlx
(pip)
Nov 21, 2025
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
Moderate
CVE-2025-62426
was published
for
vllm
(pip)
Nov 20, 2025
marimo vulnerable to proxy abuse of /mpl/{port}/
Moderate
GHSA-xjv7-6w92-42r7
was published
for
marimo
(pip)
Oct 1, 2025
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode
Moderate
CVE-2025-58337
was published
for
doris-mcp-server
(pip)
Nov 5, 2025
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
Moderate
CVE-2025-64187
was published
for
octoprint
(pip)
Nov 4, 2025
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Moderate
CVE-2024-3651
was published
for
idna
(pip)
Apr 11, 2024
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
CVE-2023-48795
was published
for
golang.org/x/crypto
(Go)
Dec 18, 2023
ProTip!
Advisories are also available from the
GraphQL API