GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,819
Erlang
36
GitHub Actions
32
Go
2,410
Maven
5,000+
npm
4,046
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+
1,481 advisories
Filter by severity
OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size
High
CVE-2025-48071
was published
for
OpenEXR
(pip)
Jul 31, 2025
Bugsink path traversal via event_id in ingestion
High
CVE-2025-54433
was published
for
bugsink
(pip)
Jul 29, 2025
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module
High
CVE-2025-5120
was published
for
smolagents
(pip)
Jul 27, 2025
Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time
High
CVE-2025-54413
was published
for
skops
(pip)
Jul 25, 2025
Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution
High
CVE-2025-54412
was published
for
skops
(pip)
Jul 25, 2025
Calibre Web and Autocaliweb have a ReDoS vulnerability
High
CVE-2025-6998
was published
for
calibreweb
(pip)
Jul 24, 2025
FastAPI Guard has a regex bypass
High
CVE-2025-54365
was published
for
fastapi-guard
(pip)
Jul 23, 2025
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write
High
CVE-2025-54140
was published
for
pyload-ng
(pip)
Jul 21, 2025
Cadwyn vulnerable to XSS on the docs page
High
CVE-2025-53528
was published
for
cadwyn
(pip)
Jul 21, 2025
ExecuTorch vulnerable to Heap-based Buffer Overflow attack
High
CVE-2025-30402
was published
for
executorch
(pip)
Jul 11, 2025
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages
High
CVE-2025-7346
was published
for
pyload-ng
(pip)
Jul 8, 2025
Duplicate Advisory: GHSA-x698-5hjm-w2m5
High
GHSA-2wcm-vx67-3x4q
was published
for
pyload-ng
(pip)
Jul 8, 2025
•
withdrawn
LlamaIndex vulnerable to Path Traversal attack through its encode_image function
High
CVE-2025-6209
was published
for
llama-index-core
(pip)
Jul 7, 2025
Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function
High
CVE-2025-6386
was published
for
lollms
(pip)
Jul 7, 2025
LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class
High
CVE-2025-3046
was published
for
llama-index-readers-obsidian
(pip)
Jul 7, 2025
LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser
High
CVE-2025-3225
was published
for
llama-index-readers-papers
(pip)
Jul 7, 2025
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS
High
CVE-2025-53366
was published
for
mcp
(pip)
Jul 4, 2025
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service
High
CVE-2025-53365
was published
for
mcp
(pip)
Jul 4, 2025
Pillow vulnerability can cause write buffer overflow on BCn encoding
High
CVE-2025-48379
was published
for
pillow
(pip)
Jul 1, 2025
MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
High
CVE-2024-54000
was published
for
mobsf
(pip)
Jun 27, 2025
LLaMA-Factory allows Code Injection through improper vhead_file safeguards
High
CVE-2025-53002
was published
for
llamafactory
(pip)
Jun 27, 2025
LangChain Community SSRF vulnerability exists in RequestsToolkit component
High
CVE-2025-2828
was published
for
langchain-community
(pip)
Jun 23, 2025
ChangeDetection.io XSS in watch overview
High
CVE-2025-52558
was published
for
changedetection.io
(pip)
Jun 23, 2025
protobuf-python has a potential Denial of Service issue
High
CVE-2025-4565
was published
for
protobuf
(pip)
Jun 16, 2025
Salt has minion event bus authorization bypass vulnerability
High
CVE-2025-22236
was published
for
salt
(pip)
Jun 13, 2025
ProTip!
Advisories are also available from the
GraphQL API