Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,791
Erlang
36
GitHub Actions
29
Go
2,370
Maven
5,000+
npm
3,995
NuGet
720
pip
3,789
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,540 advisories

Loading
LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions Moderate
CVE-2025-3044 was published for llama-index-readers-papers (pip) Jul 7, 2025
Transformers vulnerable to ReDoS attack through its SETTING_RE variable Moderate
CVE-2025-3262 was published for transformers (pip) Jul 7, 2025
fastapi-guard is vulnerable to ReDoS through inefficient regex Moderate
CVE-2025-53539 was published for fastapi-guard (pip) Jul 7, 2025
Cycloctane rennf93
LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component Moderate
CVE-2025-3108 was published for llama-index-core (pip) Jul 7, 2025
python-a2a has a path traversal in the create_workflow function Moderate
CVE-2025-6167 was published for python-a2a (pip) Jun 17, 2025
Apache IoTDB Discloses Sensitive Information via Log Files Moderate
CVE-2025-26864 was published for apache-iotdb (Maven) May 14, 2025
urllib3 does not control redirects in browsers and Node.js Moderate
CVE-2025-50182 was published for urllib3 (pip) Jun 18, 2025
illia-v pquentin
sethmlarson
OctoPrint Authenticated Reverse Proxy Page Authentication Bypass Moderate
CVE-2025-32788 was published for octoprint (pip) Apr 22, 2025
jacopotediosi
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality Moderate
CVE-2024-53999 was published for mobsf (pip) Dec 3, 2024
lDomenx
HKUDS LightRAG allows Path Traversal via function upload_to_input_dir Moderate
CVE-2025-6773 was published for lightrag-hku (pip) Jun 27, 2025
LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py Moderate
CVE-2025-46567 was published for llamafactory (pip) Apr 23, 2025
Anchor0221 xhjy2020
MLFlow SSRF via gateway_proxy_handler Moderate
CVE-2025-52967 was published for mlflow (pip) Jun 23, 2025
vLLM allows clients to crash the openai server with invalid regex Moderate
CVE-2025-48943 was published for vllm (pip) May 28, 2025
g-eoj russellb
Jason-CKY
vLLM DOS: Remotely kill vllm over http with invalid JSON schema Moderate
CVE-2025-48942 was published for vllm (pip) May 28, 2025
derekhiggins Jason-CKY
russellb
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin Moderate
CVE-2023-48795 was published for golang.org/x/crypto (Go) Dec 18, 2023
TrueSkrillor lambdafu
LunaBorowska levpachmanov
vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py` Moderate
CVE-2025-48887 was published for vllm (pip) May 28, 2025
kexinoh russellb
mgoin
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation Moderate
CVE-2025-50181 was published for urllib3 (pip) Jun 18, 2025
sandumjacob illia-v
pquentin sethmlarson
Vyper: reversed order of side effects for some operations Moderate
CVE-2023-40015 was published for vyper (pip) Sep 4, 2023
trocher
PyTorch Improper Resource Shutdown or Release vulnerability Moderate
CVE-2025-3730 was published for torch (pip) Apr 16, 2025
ferdlestier
Salt's file contents overwrite the VirtKey class Moderate
CVE-2025-22241 was published for salt (pip) Jun 13, 2025
Weblate lacks rate limiting when verifying second factor Moderate
CVE-2025-47951 was published for weblate (pip) Jun 16, 2025
nijel obscuredeer
amCap1712
Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function Moderate
CVE-2025-6050 was published for Mezzanine (pip) Jun 17, 2025
pycares has a Use-After-Free Vulnerability Moderate
GHSA-5qpg-rh4j-qp35 was published for pycares (pip) Jun 16, 2025
vEpiphyte
Salt's worker process vulnerable to denial of service through file read operation Moderate
CVE-2025-22242 was published for salt (pip) Jun 13, 2025
Salt allows arbitrary directory creation or file deletion Moderate
CVE-2025-22240 was published for salt (pip) Jun 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database