GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,998 advisories

Credited to FredericDT
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity Moderate
GHSA-6w4w-5w54-rjvr was published for picklescan (pip) Aug 26, 2025
Credited to FredericDT
Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem Moderate
GHSA-3vg9-h568-4w9m was published for picklescan (pip) Aug 26, 2025
Credited to FredericDT
Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads Moderate
GHSA-f54q-57x4-jg88 was published for picklescan (pip) Aug 26, 2025
Credited to FredericDT
Picklescan has a missing detection when calling built-in python profile.Profile.runctx Moderate
GHSA-6vqj-c2q5-j97w was published for picklescan (pip) Aug 26, 2025
Credited to FredericDT
Picklescan has a missing detection when calling built-in python profile.Profile.run Moderate
GHSA-x696-vm39-cp64 was published for picklescan (pip) Aug 26, 2025
Credited to FredericDT
Picklescan has a missing detection when calling built-in python trace.Trace.runctx Moderate
GHSA-g344-hcph-8vgg was published for picklescan (pip) Aug 26, 2025
Credited to FredericDT
Picklescan has a missing detection when calling built-in python trace.Trace.run Moderate
GHSA-5qwp-399c-mjwf was published for picklescan (pip) Aug 26, 2025
Credited to FredericDT
xml2rfc has an arbitrary file read vulnerability High
CVE-2025-11058 was published for xml2rfc (pip) Aug 26, 2025
LlamaIndex affected by a Denial of Service (DOS) in JSONReader High
CVE-2025-5302 was published for llama-index-core (pip) Aug 26, 2025
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency Moderate
GHSA-63cx-g855-hvv4 was published for mitmproxy (pip) Aug 25, 2025
Credited to sebastianosrt and mhils
h2 allows HTTP Request Smuggling due to illegal characters in headers Moderate
CVE-2025-57804 was published for h2 (pip) Aug 25, 2025
Credited to sebastianosrt and mhils
XGrammar affected by Denial of Service by infinite recursion grammars High
CVE-2025-57809 was published for xgrammar (pip) Aug 25, 2025
Credited to xendo
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE) High
CVE-2025-57760 was published for langflow (pip) Aug 25, 2025
Credited to chaandrey
Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config Moderate
GHSA-vv6j-3g6g-2pvj was published for picklescan (pip) Aug 22, 2025
Credited to FredericDT
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper Moderate
GHSA-vr7h-p6mm-wpmh was published for picklescan (pip) Aug 22, 2025
Credited to FredericDT
Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers Moderate
GHSA-h3qp-7fh3-f8h4 was published for picklescan (pip) Aug 22, 2025
Credited to FredericDT
Picklescan missing detection when calling pytorch function torch.utils.collect_env.run Moderate
GHSA-f745-w6jp-hpxx was published for picklescan (pip) Aug 22, 2025
Credited to FredericDT
Credited to FredericDT
Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get Moderate
GHSA-86cj-95qr-2p4f was published for picklescan (pip) Aug 22, 2025
Credited to FredericDT
Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile Moderate
GHSA-4r9r-ch6f-vxmx was published for picklescan (pip) Aug 22, 2025
Credited to FredericDT
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs High
CVE-2025-57751 was published for pyload-ng (pip) Aug 21, 2025
Credited to cyjhhh
vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder High
CVE-2025-9141 was published for vllm (pip) Aug 21, 2025
Credited to levigross and russellb
vllm API endpoints vulnerable to Denial of Service Attacks High
CVE-2025-48956 was published for vllm (pip) Aug 21, 2025
Credited to jperezdealgaba, russellb, and taneem-ibrahim
Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module Low
CVE-2025-54364 was published for knack (pip) Aug 20, 2025 withdrawn