Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

144 advisories

Loading
Langflow Unauth RCE Critical
CVE-2025-3248 was published for langflow (pip) Jun 17, 2025
chximn-dt
Credited to chximn-dt
Withdrawn Advisory: Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py Critical
CVE-2024-39236 was published for Gradio (pip) Jul 1, 2024 withdrawn
kmulka-bloomberg
Credited to kmulka-bloomberg
LiteLLM Vulnerable to Remote Code Execution (RCE) High
CVE-2024-6825 was published for litellm (pip) Mar 20, 2025
Kedro allows Remote Code Execution by Pulling Micro Packages High
CVE-2024-12215 was published for kedro (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) and File Write High
CVE-2024-10572 was published for ai.h2o:h2o-ext-xgboost (Maven) Mar 20, 2025
h2o vulnerable to unexpected POST request shutting down server High
CVE-2024-5979 was published for h2o (pip) Jun 27, 2024
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters High
CVE-2025-61773 was published for pyload-ng (pip) Oct 9, 2025
odaysec
Credited to odaysec
PlotAI eval vulnerability Critical
CVE-2025-1497 was published for plotai (pip) Mar 10, 2025
PyInstaller has local privilege escalation vulnerability High
CVE-2025-59042 was published for pyinstaller (pip) Sep 10, 2025
zhangyoufu
Credited to zhangyoufu
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module Critical
CVE-2025-5120 was published for smolagents (pip) Jul 27, 2025
Pyload log Injection via API /json/add_package in add_name parameter Moderate
GHSA-3wwm-hjv7-23r3 was published for pyload-ng (pip) Jul 30, 2025
SeaW1nd
Credited to SeaW1nd
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
Credited to odaysec
Apache IoTDB Vulnerable to Remote Code Execution Critical
CVE-2024-24780 was published for apache-iotdb (Maven) May 14, 2025
Eval Injection in fastbots High
CVE-2023-48699 was published for fastbots (pip) Nov 21, 2023
ubertidavide
Credited to ubertidavide
LLaMA-Factory allows Code Injection through improper vhead_file safeguards High
CVE-2025-53002 was published for llamafactory (pip) Jun 27, 2025
LianKee
Credited to LianKee
Remote Code Execution vulnerability in Apache IoTDB via UDF High
CVE-2023-46226 was published for apache-iotdb (Maven) Jan 15, 2024
Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint Critical
GHSA-c995-4fw3-j39m was published for langflow (pip) Apr 7, 2025 withdrawn
Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution Low
CVE-2025-5321 was published for aim (pip) May 29, 2025
docarray prototype pollution Moderate
CVE-2025-5150 was published for docarray (pip) May 25, 2025
Langroid has a Code Injection vulnerability in TableChatAgent Critical
CVE-2025-46724 was published for langroid (pip) May 20, 2025
SCH227
Credited to SCH227
Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store High
CVE-2025-46725 was published for langroid (pip) May 20, 2025
SCH227
Credited to SCH227
Flair allows arbitrary code execution Moderate
CVE-2024-10073 was published for flair (pip) Oct 17, 2024
m3t3kh4n wnowicki
Credited to m3t3kh4n and wnowicki
InternLM LMDeploy code injection vulnerability Moderate
CVE-2025-3163 was published for lmdeploy (pip) Apr 3, 2025
Pycel allows code injection via a crafted formula High
CVE-2024-53924 was published for pycel (pip) Apr 17, 2025
Improper Control of Generation of Code ('Code Injection') in Azure CLI High
CVE-2022-39327 was published for azure-cli (pip) Oct 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database