GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,824 advisories

Calibre Web and Autocaliweb have OS Command Injection vulnerability Moderate
CVE-2025-7404 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code Critical
GHSA-75jv-vfxf-3865 was published for assemblyline-service-client (pip) Jul 25, 2025
libyanlake
FastAPI Guard has a regex bypass High
CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
dhki rennf93
Mezzanine CMS vulnerable to Cross-site Scripting Moderate
CVE-2025-50481 was published for Mezzanine (pip) Jul 23, 2025
Cadwyn vulnerable to XSS on the docs page High
CVE-2025-53528 was published for cadwyn (pip) Jul 21, 2025
protozeit
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage High
CVE-2019-1010083 was published for flask (pip) Jul 19, 2019
Dagster Local File Inclusion vulnerability Moderate
CVE-2025-51481 was published for dagster (pip) Jul 22, 2025
Reverb use after free vulnerability Moderate
CVE-2024-8375 was published for dm-reverb (pip) Sep 19, 2024
Aim vulnerable to Cross-site Scripting Moderate
CVE-2025-51464 was published for aim (pip) Jul 22, 2025
Indico vulnerability allows attackers to bulk dump user details Moderate
CVE-2025-53640 was published for indico (pip) Jul 14, 2025
rafaelcorvino1 rildosouza
nmmorette
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
Aim vulnerable to Cross-Site Request Forgery High
CVE-2024-7760 was published for aim (pip) Mar 20, 2025
Starlette has possible denial-of-service vector when parsing large files in multipart forms Moderate
CVE-2025-54121 was published for starlette (pip) Jul 21, 2025
HonakerM defnull
wai25
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-7036 was published for open-webui (pip) Mar 20, 2025
LangChain Community SSRF vulnerability exists in RequestsToolkit component High
CVE-2025-2828 was published for langchain-community (pip) Jun 23, 2025
DB-GPT is vulnerable to SQL Injection attacks from unauthenticated users Critical
CVE-2024-10835 was published for dbgpt (pip) Mar 20, 2025
Weblate exposes personal IP address via e-mail Low
CVE-2025-49134 was published for weblate (pip) Jun 16, 2025
amCap1712 nijel
Apache Superset Allows Ownership Takeover Moderate
CVE-2025-27696 was published for apache-superset (pip) May 13, 2025
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions Low
CVE-2024-53947 was published for apache-superset (pip) Dec 9, 2024
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
ProTip! Advisories are also available from the GraphQL API