GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem:
All reviewed: 5,000+
Composer: 4,894
Erlang: 38
GitHub Actions: 38
Go: 2,552
Maven: 5,000+
npm: 4,224
NuGet: 746
pip: 3,999
Pub: 12
RubyGems: 953
Rust: 1,041
Swift: 45

Unreviewed advisories:
All unreviewed: 5,000+
516 advisories
[Critical] CVE-2025-10283, published Oct 9, 2025 for bbot (pip): BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE
[Critical] CVE-2025-10284, published Oct 9, 2025 for bbot (pip): BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
[Critical] GHSA-m9mp-6x32-5rhg, published Oct 9, 2025 for scio-pypi (pip): scio is vulnerable to Remote Command Execution through PyTorch
[Critical] CVE-2025-61622, published Oct 1, 2025 for pyfory (pip): Apache Pyfory python is vulnerable to deserialization of untrusted data
[Critical] CVE-2025-6544, published Sep 22, 2025 for ai.h2o:h2o-core (Maven): H2O affected by a deserialization vulnerability
[Critical] CVE-2025-6237, published Sep 18, 2025 for invokeai (pip): InvokeAI has External Control of File Name or Path
[Critical, withdrawn] GHSA-hf6h-9wq7-hmjg, published Sep 17, 2025 for picklescan (pip): Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
[Critical, withdrawn] GHSA-4vr7-g93g-cf6m, published Sep 17, 2025 for picklescan (pip): Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
[Critical, withdrawn] GHSA-j424-mc44-f4hj, published Sep 17, 2025 for picklescan (pip): Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch
[Critical] CVE-2025-59377, published Sep 15, 2025 for mcp-kubernetes-server (pip): mcp-kubernetes-server has an OS Command Injection vulnerability
[Critical] CVE-2025-10155, published Sep 10, 2025 for picklescan (pip): Picklescan Bypass is Possible via File Extension Mismatch
[Critical] CVE-2025-10156, published Sep 10, 2025 for picklescan (pip): Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
[Critical] CVE-2025-10157, published Sep 10, 2025 for picklescan (pip): Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
[Critical] CVE-2025-58438, published Sep 5, 2025 for internetarchive (pip): internetarchive Vulnerable to Directory Traversal in File.download()
[Critical] CVE-2025-55037, published Sep 5, 2025 for TkEasyGUI (pip): TkEasyGUI Vulnerable to OS Command Injection
[Critical] GHSA-58p5-r2f6-g2cj, published Sep 4, 2025 for usd-core (pip): Pixar OpenUSD Sdf_PathNode Module Use-After-Free Vulnerability Leading to Potential Remote Code Execution
[Critical] CVE-2025-58367, published Sep 3, 2025 for deepdiff (pip): DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more
[Critical] CVE-2025-30405, published Aug 8, 2025 for executorch (Maven): ExecuTorch integer overflow vulnerability
[Critical] CVE-2025-54950, published Aug 8, 2025 for executorch (Maven): ExecuTorch out-of-bounds access vulnerability
[Critical] CVE-2025-54951, published Aug 8, 2025 for executorch (Maven): ExecuTorch vulnerable to Heap-based Buffer Overflow
[Critical] CVE-2025-30404, published Aug 8, 2025 for executorch (Maven): ExecuTorch integer overflow vulnerability
[Critical] CVE-2025-54949, published Aug 8, 2025 for executorch (Maven): ExecuTorch heap buffer overflow vulnerability
[Critical] CVE-2025-54802, published Aug 4, 2025 for pyload-ng (pip): pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
[Critical] GHSA-jxr6-qrxx-2ph2, published Jul 31, 2025 for num2words (pip): num2words subjected to phishing attack, two versions published containing malware
[Critical] CVE-2025-54381, published Jul 29, 2025 for bentoml (pip): BentoML SSRF Vulnerability in File Upload Processing
Advisories are also available from the GraphQL API.