GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,923 advisories
xgrammar vulnerable to denial of service by huge enum grammar
Moderate
CVE-2025-58446 was published for xgrammar (pip) on Sep 5, 2025
internetarchive Vulnerable to Directory Traversal in File.download()
Critical
CVE-2025-58438 was published for internetarchive (pip) on Sep 5, 2025
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability
High
CVE-2025-9636 was published for pgadmin4 (pip) on Sep 5, 2025
TkEasyGUI Affected by Uncontrolled Search Path Element Issue
High
CVE-2025-55671 was published for TkEasyGUI (pip) on Sep 5, 2025
TkEasyGUI Vulnerable to OS Command Injection
Critical
CVE-2025-55037 was published for TkEasyGUI (pip) on Sep 5, 2025
Pixar OpenUSD Sdf_PathNode Module Use-After-Free Vulnerability Leading to Potential Remote Code Execution
Critical
GHSA-58p5-r2f6-g2cj was published for usd-core (pip) on Sep 4, 2025
Weblate has a long session expiry when verifying second factor
Low
CVE-2025-58352 was published for Weblate (pip) on Sep 4, 2025
Langchain Community Vulnerable to XML External Entity (XXE) Attacks
High
CVE-2025-6984 was published for langchain-community (pip) on Sep 4, 2025
DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more
Critical
CVE-2025-58367 was published for deepdiff (pip) on Sep 3, 2025
MobSF Path Traversal in GET /download/<filename> using absolute filenames
Low
CVE-2025-58161 was published for mobsf (pip) on Sep 2, 2025
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
Moderate
CVE-2025-58162 was published for mobsf (pip) on Sep 2, 2025
ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
High
CVE-2025-57808 was published for esphome (pip) on Sep 2, 2025
Local Deep Research's API keys are stored in plain text
Moderate
CVE-2025-57806 was published for local-deep-research (pip) on Sep 2, 2025
Eventlet affected by HTTP request smuggling in unparsed trailers
Moderate
CVE-2025-58068 was published for eventlet (pip) on Aug 29, 2025
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata
Low
CVE-2025-55304 was published for Exiv2 (pip) on Aug 29, 2025
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file
Low
CVE-2025-54080 was published for Exiv2 (pip) on Aug 29, 2025
Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start
Moderate
GHSA-q77w-mwjj-7mqx was published for picklescan (pip) on Aug 26, 2025
Picklescan is missing detection when calling built-in python cProfile.run
Moderate
GHSA-49gj-c84q-6qm9 was published for picklescan (pip) on Aug 26, 2025
Picklescan is missing detection when calling built-in python cProfile.runctx
Moderate
GHSA-9w88-8rmg-7g2p was published for picklescan (pip) on Aug 26, 2025
Picklescan is missing detection when calling built-in python doctest.debug_script
Moderate
GHSA-fqq6-7vqf-w3fg was published for picklescan (pip) on Aug 26, 2025
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode
Moderate
GHSA-3gf5-cxq9-w223 was published for picklescan (pip) on Aug 26, 2025
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand
Moderate
GHSA-j343-8v2j-ff7w was published for picklescan (pip) on Aug 26, 2025
Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode
Moderate
GHSA-m869-42cg-3xwr was published for picklescan (pip) on Aug 26, 2025
Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label
Moderate
GHSA-p9w7-82w4-7q8m was published for picklescan (pip) on Aug 26, 2025
Picklescan is missing detection when calling built-in python ensurepip._run_pip
Moderate
GHSA-xp4f-hrf8-rxw7 was published for picklescan (pip) on Aug 26, 2025
ProTip! Advisories are also available from the GraphQL API.