Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,969
NuGet
713
pip
3,767
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,531 advisories

Loading
PyTorch Improper Resource Shutdown or Release vulnerability Moderate
CVE-2025-3730 was published for torch (pip) Apr 16, 2025
ferdlestier
Salt's file contents overwrite the VirtKey class Moderate
CVE-2025-22241 was published for salt (pip) Jun 13, 2025
Weblate lacks rate limiting when verifying second factor Moderate
CVE-2025-47951 was published for weblate (pip) Jun 16, 2025
nijel obscuredeer
amCap1712
Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function Moderate
CVE-2025-6050 was published for Mezzanine (pip) Jun 17, 2025
python-a2a has a path traversal in the create_workflow function Moderate
CVE-2025-6167 was published for python-a2a (pip) Jun 17, 2025
pycares has a Use-After-Free Vulnerability Moderate
GHSA-5qpg-rh4j-qp35 was published for pycares (pip) Jun 16, 2025
vEpiphyte
Salt's worker process vulnerable to denial of service through file read operation Moderate
CVE-2025-22242 was published for salt (pip) Jun 13, 2025
Salt allows arbitrary directory creation or file deletion Moderate
CVE-2025-22240 was published for salt (pip) Jun 13, 2025
Salt vulnerable to directory traversal attack in minion file cache creation Moderate
CVE-2025-22238 was published for salt (pip) Jun 13, 2025
Salt's on demand pillar functionality vulnerable to arbitrary command injections Moderate
CVE-2025-22237 was published for salt (pip) Jun 13, 2025
Salt's salt.auth.pki module does not properly authenticate callers Moderate
CVE-2024-38825 was published for salt (pip) Jun 13, 2025
zenml Session Fixation vulnerability Moderate
CVE-2024-2260 was published for zenml (pip) Apr 16, 2024
Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding Moderate
CVE-2025-31116 was published for mobsf (pip) Mar 31, 2025
Sim4n6
pretix mishandles file validation Moderate
CVE-2024-27447 was published for pretix (pip) Feb 26, 2024
Nautobot may allows uploaded media files to be accessible without authentication Moderate
CVE-2025-49143 was published for nautobot (pip) Jun 10, 2025
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating Moderate
CVE-2025-49142 was published for nautobot (pip) Jun 10, 2025
mzbroch
OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint Moderate
CVE-2025-48879 was published for OctoPrint (pip) Jun 10, 2025
jacopotediosi
OctoPrint vulnerable to possible file extraction via upload endpoints Moderate
CVE-2025-48067 was published for OctoPrint (pip) Jun 10, 2025
jacopotediosi
Django Improper Output Neutralization for Logs vulnerability Moderate
CVE-2025-48432 was published for Django (pip) Jun 5, 2025
Requests vulnerable to .netrc credentials leak via malicious URLs Moderate
CVE-2024-47081 was published for requests (pip) Jun 9, 2025
sethmlarson jupenur
nateprewitt sigmavirus24
In aiohttp, compressed files as symlinks are not protected from path traversal Moderate
CVE-2024-42367 was published for aiohttp (pip) Aug 9, 2024
steverep
HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability Moderate
CVE-2025-5173 was published for label-studio-ml (pip) May 26, 2025
SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack Moderate
CVE-2025-48994 was published for signxml (pip) Jun 5, 2025
ahacker1-securesaml
SignXML's signature verification with HMAC is vulnerable to a timing attack Moderate
CVE-2025-48995 was published for signxml (pip) Jun 5, 2025
ahacker1-securesaml
pypickle Incorrect Privilege Assignment vulnerability Moderate
CVE-2025-5175 was published for pypickle (pip) May 26, 2025
PrinceRaj-0
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database