GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,462 advisories
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
High
CVE-2024-29190
was published
for
mobsfscan
(pip)
Mar 22, 2024
vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator
High
CVE-2025-24357
was published
for
vllm
(pip)
Jan 27, 2025
ChangeDetection.io XSS in watch overview
High
CVE-2025-52558
was published
for
changedetection.io
(pip)
Jun 23, 2025
AstrBot Has Path Traversal Vulnerability in /api/chat/get_file
High
CVE-2025-48957
was published
for
astrbot
(pip)
Jun 4, 2025
MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
High
CVE-2024-54000
was published
for
mobsf
(pip)
Jun 27, 2025
LLaMA-Factory allows Code Injection through improper vhead_file safeguards
High
CVE-2025-53002
was published
for
llamafactory
(pip)
Jun 27, 2025
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
NULL Pointer Dereference in Protocol Buffers
High
CVE-2021-22570
was published
for
Google.Protobuf
(Composer)
Jan 27, 2022
setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
High
CVE-2025-47273
was published
for
setuptools
(pip)
May 19, 2025
PyTorch heap buffer overflow vulnerability
High
CVE-2024-31580
was published
for
torch
(pip)
Apr 17, 2024
Apache Airflow vulnerable to Improper Encoding or Escaping of Output
High
CVE-2024-45498
was published
for
apache-airflow
(pip)
Sep 7, 2024
ProTip!
Advisories are also available from the
GraphQL API