GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,904
Erlang
38
GitHub Actions
38
Go
2,566
Maven
5,000+
npm
4,237
NuGet
753
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+
516 advisories
Filter by severity
InvokeAI Arbitrary File Deletion vulnerability
Critical
CVE-2024-11042
was published
for
InvokeAI
(pip)
Mar 20, 2025
DB-GPT vulnerable to Arbitrary File Upload with Path Traversal
Critical
CVE-2024-10902
was published
for
dbgpt
(pip)
Mar 20, 2025
DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload
Critical
CVE-2024-10833
was published
for
dbgpt
(pip)
Mar 20, 2025
Horovod Vulnerable to Command Injection
Critical
CVE-2024-10190
was published
for
horovod
(pip)
Mar 20, 2025
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Critical
CVE-2024-5980
was published
for
lightning
(pip)
Jun 27, 2024
qdrant input validation failure
Critical
CVE-2024-3829
was published
for
qdrant-client
(pip)
Jun 3, 2024
BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE
Critical
CVE-2025-10283
was published
for
bbot
(pip)
Oct 9, 2025
BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
Critical
CVE-2025-10284
was published
for
bbot
(pip)
Oct 9, 2025
scio is vunerable to Remote Command Execution through PyTorch
Critical
GHSA-m9mp-6x32-5rhg
was published
for
scio-pypi
(pip)
Oct 9, 2025
ExecuTorch integer overflow vulnerability
Critical
CVE-2025-30405
was published
for
executorch
(Maven)
Aug 8, 2025
ExecuTorch integer overflow vulnerability
Critical
CVE-2025-30404
was published
for
executorch
(Maven)
Aug 8, 2025
ExecuTorch vulnerable to Heap-based Buffer Overflow
Critical
CVE-2025-54951
was published
for
executorch
(Maven)
Aug 8, 2025
ExecuTorch heap buffer overflow vulnerability
Critical
CVE-2025-54949
was published
for
executorch
(Maven)
Aug 8, 2025
ExecuTorch out-of-bounds access vulnerability
Critical
CVE-2025-54950
was published
for
executorch
(Maven)
Aug 8, 2025
Apache Pyfory python is vulnerable to deserialization of untrusted data
Critical
CVE-2025-61622
was published
for
pyfory
(pip)
Oct 1, 2025
Ray has arbitrary code execution via jobs submission API
Critical
CVE-2023-48022
was published
for
ray
(pip)
Nov 28, 2023
mcp-kubernetes-server has an OS Command Injection vulnerability
Critical
CVE-2025-59377
was published
for
mcp-kubernetes-server
(pip)
Sep 15, 2025
InvokeAI has External Control of File Name or Path
Critical
CVE-2025-6237
was published
for
invokeai
(pip)
Sep 18, 2025
H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL
Critical
CVE-2024-45758
was published
for
ai.h2o:h2o-core
(Maven)
Sep 6, 2024
H2O affected by a deserialization vulnerability
Critical
CVE-2025-6544
was published
for
ai.h2o:h2o-core
(Maven)
Sep 22, 2025
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
Critical
CVE-2025-10157
was published
for
picklescan
(pip)
Sep 10, 2025
Picklescan Bypass is Possible via File Extension Mismatch
Critical
CVE-2025-10155
was published
for
picklescan
(pip)
Sep 10, 2025
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
Critical
CVE-2025-10156
was published
for
picklescan
(pip)
Sep 10, 2025
Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
Critical
GHSA-hf6h-9wq7-hmjg
was published
for
picklescan
(pip)
Sep 17, 2025
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API