Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,779
Erlang
36
GitHub Actions
29
Go
2,338
Maven
5,000+
npm
3,972
NuGet
714
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,457 advisories

Loading
Gradio allows credential leakage on Windows High
CVE-2024-34510 was published for gradio (pip) May 5, 2024
Skyvern has a Jinja runtime leak High
CVE-2025-49619 was published for skyvern (pip) Jun 7, 2025
protobuf-python has a potential Denial of Service issue High
CVE-2025-4565 was published for protobuf (pip) Jun 16, 2025
AstrBot Has Path Traversal Vulnerability in /api/chat/get_file High
CVE-2025-48957 was published for astrbot (pip) Jun 4, 2025
7resp4ss Soulter
Raven95676
Salt vulnerable to arbitrary event injection High
CVE-2025-22239 was published for salt (pip) Jun 13, 2025
Salt has minion event bus authorization bypass vulnerability High
CVE-2025-22236 was published for salt (pip) Jun 13, 2025
setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write High
CVE-2025-47273 was published for setuptools (pip) May 19, 2025
SCH227
BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2025-49653 was published for backend.ai (pip) Jun 9, 2025
Backend.AI Missing Authorization vulnerability High
CVE-2025-49651 was published for backend.ai (pip) Jun 9, 2025
PyTorch heap buffer overflow vulnerability High
CVE-2024-31580 was published for torch (pip) Apr 17, 2024
levpachmanov
Pytorch use-after-free vulnerability High
CVE-2024-31583 was published for torch (pip) Apr 17, 2024
levpachmanov
Apache Airflow vulnerable to Improper Encoding or Escaping of Output High
CVE-2024-45498 was published for apache-airflow (pip) Sep 7, 2024
exolightor
Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability High
CVE-2025-30167 was published for jupyter_core (pip) Jun 4, 2025
krassowski
Apache Superset: Improper authorization bypass on row level security via SQL Injection High
CVE-2025-48912 was published for apache-superset (pip) May 30, 2025
Duplicate Advisory: Bundled libwebp in Pillow vulnerable High
GHSA-56pw-mpj4-fxww was published for pillow (pip) Oct 5, 2023 withdrawn
dsten56
Tornado vulnerable to excessive logging caused by malformed multipart form data High
CVE-2025-47287 was published for tornado (pip) May 16, 2025
Startr4ck awsactran
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization High
GHSA-22fp-mf44-f2mq was published for youtube-dl (pip) Apr 18, 2025
pukkandan JarLob
Grub4K dirkf rhdesmond
LLama-Index CLI OS command injection vulnerability High
CVE-2025-1753 was published for llama-index-cli (pip) May 28, 2025
Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin High
CVE-2025-5279 was published for redshift-connector (pip) May 28, 2025
Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking High
CVE-2025-48383 was published for django-select2 (pip) May 27, 2025
neartik ronanboiteau
rdiffweb's unlimited length email field can lead to DoS High
CVE-2022-3272 was published for rdiffweb (pip) Sep 27, 2022
Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store High
CVE-2025-46725 was published for langroid (pip) May 20, 2025
SCH227
label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. High
CVE-2025-47783 was published for label-studio (pip) May 15, 2025
Medok228
Reflex vulnerable to private state fields modification High
CVE-2025-47425 was published for reflex (pip) May 15, 2025
adhami3310 masenf
Kastier1
motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution High
CVE-2025-47782 was published for motioneye (pip) May 15, 2025
hyperlyz MichaIng
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database