Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,848 advisories

Loading
Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution High
CVE-2025-54412 was published for skops (pip) Jul 25, 2025
io-no
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code Critical
GHSA-75jv-vfxf-3865 was published for assemblyline-service-client (pip) Jul 25, 2025
serexp
Calibre Web and Autocaliweb have OS Command Injection vulnerability Moderate
CVE-2025-7404 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix
Calibre Web and Autocaliweb have a ReDoS vulnerability High
CVE-2025-6998 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix
Mezzanine CMS vulnerable to Cross-site Scripting Moderate
CVE-2025-50481 was published for Mezzanine (pip) Jul 23, 2025
FastAPI Guard has a regex bypass High
CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
dhki rennf93
Aim vulnerable to Cross-site Scripting Moderate
CVE-2025-51464 was published for aim (pip) Jul 22, 2025
Dagster Local File Inclusion vulnerability Moderate
CVE-2025-51481 was published for dagster (pip) Jul 22, 2025
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write High
CVE-2025-54140 was published for pyload-ng (pip) Jul 21, 2025
odaysec
Starlette has possible denial-of-service vector when parsing large files in multipart forms Moderate
CVE-2025-54121 was published for starlette (pip) Jul 21, 2025
HonakerM defnull
wai25
Cadwyn vulnerable to XSS on the docs page High
CVE-2025-53528 was published for cadwyn (pip) Jul 21, 2025
protozeit
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections Low
CVE-2025-53643 was published for aiohttp (pip) Jul 14, 2025
JeppW
Indico vulnerability allows attackers to bulk dump user details Moderate
CVE-2025-53640 was published for indico (pip) Jul 14, 2025
rafaelcorvino1 rildosouza
nmmorette
py-libp2p is vulnerable to DoS attacks through use of large RSA keys Moderate
CVE-2025-29606 was published for libp2p (pip) Jul 14, 2025
Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates Moderate
CVE-2025-53865 was published for roundup (pip) Jul 13, 2025
ExecuTorch vulnerable to Heap-based Buffer Overflow attack High
CVE-2025-30402 was published for executorch (pip) Jul 11, 2025
Transformers is vulnerable to ReDoS attack through its DonutProcessor class Moderate
CVE-2025-3933 was published for transformers (pip) Jul 11, 2025
LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class Moderate
CVE-2025-6211 was published for llama-index (pip) Jul 10, 2025
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages High
CVE-2025-7346 was published for pyload-ng (pip) Jul 8, 2025
PinkDraconian
Duplicate Advisory: GHSA-x698-5hjm-w2m5 High
GHSA-2wcm-vx67-3x4q was published for pyload-ng (pip) Jul 8, 2025 withdrawn
fastapi-guard is vulnerable to ReDoS through inefficient regex Moderate
CVE-2025-53539 was published for fastapi-guard (pip) Jul 7, 2025
Cycloctane rennf93
Dagster vulnerable to Path Traversal attack through its /logs endpoint Moderate
CVE-2023-51232 was published for dagster (pip) Jul 7, 2025
LlamaIndex vulnerable to Path Traversal attack through its encode_image function High
CVE-2025-6209 was published for llama-index-core (pip) Jul 7, 2025
LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing Moderate
CVE-2025-5472 was published for llama-index-core (pip) Jul 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database