Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

519 advisories

Loading
Apache Pyfory python is vulnerable to deserialization of untrusted data Critical
CVE-2025-61622 was published for pyfory (pip) Oct 1, 2025
Langflow Unauth RCE Critical
CVE-2025-3248 was published for langflow (pip) Jun 17, 2025
chximn-dt
Credited to chximn-dt
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. Critical
CVE-2025-64459 was published for django (pip) Nov 5, 2025
Django SQL injection vulnerability Critical
CVE-2024-42005 was published for Django (pip) Aug 7, 2024
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments Critical
CVE-2023-40267 was published for GitPython (pip) Aug 11, 2023
GitPython vulnerable to Remote Code Execution due to improper user input validation Critical
CVE-2022-24439 was published for GitPython (pip) Dec 6, 2022
ad-m-ss tdunlap607
Credited to ad-m-ss and tdunlap607
internetarchive Vulnerable to Directory Traversal in File.download() Critical
CVE-2025-58438 was published for internetarchive (pip) Sep 5, 2025
pengowray
Credited to pengowray
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
Credited to sunSUNQ
SaltStack Salt Command Injection in netapi ssh client Critical
CVE-2020-16846 was published for salt (pip) May 24, 2022
pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer Critical
CVE-2025-62515 was published for pyquokka (pip) Oct 17, 2025
Chenpinji
Credited to Chenpinji
Withdrawn Advisory: Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py Critical
CVE-2024-39236 was published for Gradio (pip) Jul 1, 2024 withdrawn
kmulka-bloomberg
Credited to kmulka-bloomberg
Keras framework vulnerable to deserialization of untrusted data Critical
CVE-2025-49655 was published for keras (pip) Oct 17, 2025
InvokeAI Arbitrary File Deletion vulnerability Critical
CVE-2024-11042 was published for InvokeAI (pip) Mar 20, 2025
DB-GPT vulnerable to Arbitrary File Upload with Path Traversal Critical
CVE-2024-10902 was published for dbgpt (pip) Mar 20, 2025
DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload Critical
CVE-2024-10833 was published for dbgpt (pip) Mar 20, 2025
Horovod Vulnerable to Command Injection Critical
CVE-2024-10190 was published for horovod (pip) Mar 20, 2025
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint Critical
CVE-2024-5980 was published for lightning (pip) Jun 27, 2024
awaelchli
Credited to awaelchli
qdrant input validation failure Critical
CVE-2024-3829 was published for qdrant-client (pip) Jun 3, 2024
BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE Critical
CVE-2025-10283 was published for bbot (pip) Oct 9, 2025
justinsteven
Credited to justinsteven
BBOT's various issues in unarchive.py can cause arbitrary file write and RCE Critical
CVE-2025-10284 was published for bbot (pip) Oct 9, 2025
justinsteven liquidsec
TheTechromancer
Credited to justinsteven, liquidsec, and TheTechromancer
scio is vunerable to Remote Command Execution through PyTorch Critical
GHSA-m9mp-6x32-5rhg was published for scio-pypi (pip) Oct 9, 2025
eliegoudout
Credited to eliegoudout
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30405 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30404 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
ExecuTorch vulnerable to Heap-based Buffer Overflow Critical
CVE-2025-54951 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
ExecuTorch heap buffer overflow vulnerability Critical
CVE-2025-54949 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database