GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,481 advisories

OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size High
CVE-2025-48071 was published for OpenEXR (pip) Jul 31, 2025
suidpit TheZ3ro
ndaprela smaury
Bugsink path traversal via event_id in ingestion High
CVE-2025-54433 was published for bugsink (pip) Jul 29, 2025
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module High
CVE-2025-5120 was published for smolagents (pip) Jul 27, 2025
Calibre Web and Autocaliweb have a ReDoS vulnerability High
CVE-2025-6998 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix
FastAPI Guard has a regex bypass High
CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
dhki rennf93
Cadwyn vulnerable to XSS on the docs page High
CVE-2025-53528 was published for cadwyn (pip) Jul 21, 2025
protozeit
ExecuTorch vulnerable to Heap-based Buffer Overflow attack High
CVE-2025-30402 was published for executorch (pip) Jul 11, 2025
Duplicate Advisory: GHSA-x698-5hjm-w2m5 High
GHSA-2wcm-vx67-3x4q was published for pyload-ng (pip) Jul 8, 2025 withdrawn
LlamaIndex vulnerable to Path Traversal attack through its encode_image function High
CVE-2025-6209 was published for llama-index-core (pip) Jul 7, 2025
LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class High
CVE-2025-3046 was published for llama-index-readers-obsidian (pip) Jul 7, 2025
LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser High
CVE-2025-3225 was published for llama-index-readers-papers (pip) Jul 7, 2025
Pillow vulnerability can cause write buffer overflow on BCn encoding High
CVE-2025-48379 was published for pillow (pip) Jul 1, 2025
MobSF vulnerability allows SSRF due to the allow_redirects=True parameter High
CVE-2024-54000 was published for mobsf (pip) Jun 27, 2025
bulutenes aydinnyunus
LLaMA-Factory allows Code Injection through improper vhead_file safeguards High
CVE-2025-53002 was published for llamafactory (pip) Jun 27, 2025
LianKee
LangChain Community SSRF vulnerability exists in RequestsToolkit component High
CVE-2025-2828 was published for langchain-community (pip) Jun 23, 2025
ChangeDetection.io XSS in watch overview High
CVE-2025-52558 was published for changedetection.io (pip) Jun 23, 2025
dgtlmoon
protobuf-python has a potential Denial of Service issue High
CVE-2025-4565 was published for protobuf (pip) Jun 16, 2025
Salt has minion event bus authorization bypass vulnerability High
CVE-2025-22236 was published for salt (pip) Jun 13, 2025