GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,540 advisories

LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer High
CVE-2025-64439 was published for langgraph-checkpoint (pip) Nov 5, 2025
Django vulnerable to SQL injection in column aliases High
CVE-2025-59681 was published for django (pip) Oct 1, 2025
Django is subject to SQL injection through its column aliases High
CVE-2025-57833 was published for Django (pip) Sep 8, 2025
MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability High
CVE-2025-11201 was published for mlflow (pip) Oct 29, 2025
MLflow Weak Password Requirements Authentication Bypass Vulnerability High
CVE-2025-11200 was published for mlflow (pip) Oct 29, 2025
Agno session state overwrites between different sessions/users High
CVE-2025-64168 was published for agno (pip) Oct 31, 2025
Credited to JasonLovesDoggo and dirkbrnd
Django denial-of-service attack in the intcomma template filter High
CVE-2024-24680 was published for Django (pip) Feb 7, 2024
Vulnerable OpenSSL included in cryptography wheels High
CVE-2023-0286 was published for cryptography (pip) Feb 8, 2023
Credited to ehe9991
Ankitects Anki arbitrary script execution vulnerability High
CVE-2024-26020 was published for anki (pip) Jul 22, 2024
Credited to bee-san
Django vulnerable to Denial of Service High
CVE-2024-39614 was published for Django (pip) Jul 10, 2024
Django Path Traversal vulnerability High
CVE-2024-39330 was published for Django (pip) Jul 10, 2024
Django vulnerable to Denial of Service High
CVE-2024-38875 was published for Django (pip) Jul 10, 2024
setuptools vulnerable to Command Injection via package URL High
CVE-2024-6345 was published for setuptools (pip) Jul 15, 2024
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access High
CVE-2024-32498 was published for cinder (pip) Jul 5, 2024
Django Denial-of-service in django.utils.text.Truncator High
CVE-2023-43665 was published for Django (pip) Nov 3, 2023
Django has regular expression denial of service vulnerability in EmailValidator/URLValidator High
CVE-2023-36053 was published for Django (pip) Jul 3, 2023
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-40897 was published for setuptools (pip) Dec 23, 2022
Brotli is vulnerable to a denial of service (DoS) attack due to decompression High
CVE-2025-6176 was published for brotli (pip) Oct 31, 2025
Credited to smithcoin
Credited to ch4n3-yoon and nadavaseal
Tornado has an HTTP cookie parsing DoS vulnerability High
CVE-2024-52804 was published for tornado (pip) Nov 22, 2024
Credited to kexinoh
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
Credited to TrueSkrillor and lambdafu
`Cookie` HTTP header isn't stripped on cross-origin redirects High
CVE-2023-43804 was published for urllib3 (pip) Oct 2, 2023
Credited to ranjit-git, pquentin, illia-v, and sethmlarson
Credited to erik-krogh
py vulnerable to Regular Expression Denial of Service High
CVE-2020-29651 was published for py (pip) Apr 20, 2021
ProTip! Advisories are also available from the GraphQL API