Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,969
NuGet
713
pip
3,767
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,767 advisories

Loading
Gradio allows credential leakage on Windows High
CVE-2024-34510 was published for gradio (pip) May 5, 2024
PyTorch Improper Resource Shutdown or Release vulnerability Moderate
CVE-2025-3730 was published for torch (pip) Apr 16, 2025
ferdlestier
Skyvern has a Jinja runtime leak High
CVE-2025-49619 was published for skyvern (pip) Jun 7, 2025
Langflow Unauth RCE Critical
CVE-2025-3248 was published for langflow (pip) Jun 17, 2025
Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint Critical
GHSA-c995-4fw3-j39m was published for langflow (pip) Apr 7, 2025 withdrawn
Salt's file contents overwrite the VirtKey class Moderate
CVE-2025-22241 was published for salt (pip) Jun 13, 2025
Weblate lacks rate limiting when verifying second factor Moderate
CVE-2025-47951 was published for weblate (pip) Jun 16, 2025
nijel obscuredeer
amCap1712
Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function Moderate
CVE-2025-6050 was published for Mezzanine (pip) Jun 17, 2025
python-a2a has a path traversal in the create_workflow function Moderate
CVE-2025-6167 was published for python-a2a (pip) Jun 17, 2025
Weblate exposes personal IP address via e-mail Low
CVE-2025-49134 was published for weblate (pip) Jun 16, 2025
amCap1712 nijel
pycares has a Use-After-Free Vulnerability Moderate
GHSA-5qpg-rh4j-qp35 was published for pycares (pip) Jun 16, 2025
vEpiphyte
protobuf-python has a potential Denial of Service issue High
CVE-2025-4565 was published for protobuf (pip) Jun 16, 2025
AstrBot Has Path Traversal Vulnerability in /api/chat/get_file High
CVE-2025-48957 was published for astrbot (pip) Jun 4, 2025
7resp4ss Soulter
Raven95676
Salt vulnerable to directory traversal attack in file receiving method Critical
CVE-2024-38824 was published for salt (pip) Jun 13, 2025
Salt's worker process vulnerable to denial of service through file read operation Moderate
CVE-2025-22242 was published for salt (pip) Jun 13, 2025
Salt allows arbitrary directory creation or file deletion Moderate
CVE-2025-22240 was published for salt (pip) Jun 13, 2025
Salt vulnerable to arbitrary event injection High
CVE-2025-22239 was published for salt (pip) Jun 13, 2025
Salt vulnerable to directory traversal attack in minion file cache creation Moderate
CVE-2025-22238 was published for salt (pip) Jun 13, 2025
Salt's on demand pillar functionality vulnerable to arbitrary command injections Moderate
CVE-2025-22237 was published for salt (pip) Jun 13, 2025
Salt has minion event bus authorization bypass vulnerability High
CVE-2025-22236 was published for salt (pip) Jun 13, 2025
Salt's salt.auth.pki module does not properly authenticate callers Moderate
CVE-2024-38825 was published for salt (pip) Jun 13, 2025
setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write High
CVE-2025-47273 was published for setuptools (pip) May 19, 2025
SCH227
zenml Session Fixation vulnerability Moderate
CVE-2024-2260 was published for zenml (pip) Apr 16, 2024
Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding Moderate
CVE-2025-31116 was published for mobsf (pip) Mar 31, 2025
Sim4n6
Vantage6 Server JWT secret not cryptographically secure Low
CVE-2025-43866 was published for vantage6-server (pip) Jun 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database