GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,461 advisories
ChangeDetection.io XSS in watch overview
High
CVE-2025-52558
was published
for
changedetection.io
(pip)
Jun 23, 2025
AstrBot Has Path Traversal Vulnerability in /api/chat/get_file
High
CVE-2025-48957
was published
for
astrbot
(pip)
Jun 4, 2025
MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
High
CVE-2024-54000
was published
for
mobsf
(pip)
Jun 27, 2025
LLaMA-Factory allows Code Injection through improper vhead_file safeguards
High
CVE-2025-53002
was published
for
llamafactory
(pip)
Jun 27, 2025
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
NULL Pointer Dereference in Protocol Buffers
High
CVE-2021-22570
was published
for
Google.Protobuf
(Composer)
Jan 27, 2022
setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
High
CVE-2025-47273
was published
for
setuptools
(pip)
May 19, 2025
PyTorch heap buffer overflow vulnerability
High
CVE-2024-31580
was published
for
torch
(pip)
Apr 17, 2024
Apache Airflow vulnerable to Improper Encoding or Escaping of Output
High
CVE-2024-45498
was published
for
apache-airflow
(pip)
Sep 7, 2024
Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
High
CVE-2025-30167
was published
for
jupyter_core
(pip)
Jun 4, 2025
Duplicate Advisory: Bundled libwebp in Pillow vulnerable
High
GHSA-56pw-mpj4-fxww
was published
for
pillow
(pip)
Oct 5, 2023
•
withdrawn
Tornado vulnerable to excessive logging caused by malformed multipart form data
High
CVE-2025-47287
was published
for
tornado
(pip)
May 16, 2025
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
High
GHSA-22fp-mf44-f2mq
was published
for
youtube-dl
(pip)
Apr 18, 2025
ProTip!
Advisories are also available from the
GraphQL API