Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,779
Erlang
36
GitHub Actions
29
Go
2,338
Maven
5,000+
npm
3,972
NuGet
714
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

296 advisories

Loading
Weblate exposes personal IP address via e-mail Low
CVE-2025-49134 was published for weblate (pip) Jun 16, 2025
amCap1712 nijel
Vantage6 Server JWT secret not cryptographically secure Low
CVE-2025-43866 was published for vantage6-server (pip) Jun 12, 2025
vantage6 lacks brute-force protection on change password functionality Low
CVE-2025-43863 was published for vantage6 (pip) Jun 12, 2025
Sentry's Python SDK unintentionally exposes environment variables to subprocesses Low
CVE-2024-40647 was published for sentry-sdk (pip) Jul 18, 2024
kmichel-aiven cgurnik
Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution Low
CVE-2025-5321 was published for aim (pip) May 29, 2025
Gradio CORS Origin Validation Bypass Vulnerability Low
CVE-2025-5320 was published for gradio (pip) May 29, 2025
PyTorch susceptible to local Denial of Service Low
CVE-2025-2953 was published for torch (pip) Mar 30, 2025
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching Low
CVE-2025-46570 was published for vllm (pip) May 28, 2025
russellb dr75
DarkLight1337
Vyper's `slice()` may elide side-effects when output length is 0 Low
CVE-2025-47774 was published for vyper (pip) May 16, 2025
th3anatomist
Vyper's `concat()` builtin may elide side-effects for zero-length arguments Low
CVE-2025-47285 was published for vyper (pip) May 16, 2025
th3anatomist
Flask uses fallback key instead of current signing key Low
CVE-2025-47278 was published for flask (pip) May 13, 2025
jayaddison Brax94
AWorld OS Command Injection vulnerability Low
CVE-2025-4032 was published for aworld (pip) Apr 28, 2025
OpenStack Ironic fails to restrict paths used for file:// image URLs Low
CVE-2025-44021 was published for ironic (pip) May 8, 2025
markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption Low
CVE-2025-46656 was published for markdownify (pip) Apr 27, 2025
Vyper Does Not Check the Success of Certain Precompile Calls Low
CVE-2025-21607 was published for vyper (pip) Jan 14, 2025
ritzdorf vasinicola
trocher
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext Low
CVE-2025-32021 was published for weblate (pip) Apr 15, 2025
joonashak nijel
gersona
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-41048 was published for plone.namedfile (pip) Sep 21, 2023
msegoviag
AugAssign evaluation order causing OOB write within the object in Vyper Low
CVE-2025-27105 was published for vyper (pip) Feb 21, 2025
Vyper has a double eval in For List Iter Low
CVE-2025-27104 was published for vyper (pip) Feb 21, 2025
Vyper's sqrt doesn't define rounding behavior Low
CVE-2025-26622 was published for vyper (pip) Feb 21, 2025
MLflow has Weak Password Requirements Low
CVE-2025-1474 was published for mlflow (pip) Mar 20, 2025
Flask-AppBuilder Observable Response Discrepancy Low
CVE-2025-24023 was published for flask-appbuilder (pip) Mar 3, 2025
millad7
Django TomSelect incomplete escaping of dangerous characters in widget attributes Low
GHSA-785h-76cm-cpmf was published for django-tomselect (pip) Mar 26, 2025
pysean3
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability Low
CVE-2024-42447 was published for apache-airflow-providers-fab (pip) Aug 5, 2024
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database