Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,533 advisories

Loading
Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time High
CVE-2025-54413 was published for skops (pip) Jul 25, 2025
io-no
Credited to io-no
TkEasyGUI Affected by Uncontrolled Search Path Element Issue High
CVE-2025-55671 was published for TkEasyGUI (pip) Sep 5, 2025
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability High
CVE-2025-9636 was published for pgadmin4 (pip) Sep 5, 2025
Django is subject to SQL injection through its column aliases High
CVE-2025-57833 was published for Django (pip) Sep 8, 2025
PyInstaller has local privilege escalation vulnerability High
CVE-2025-59042 was published for pyinstaller (pip) Sep 10, 2025
zhangyoufu
Credited to zhangyoufu
SKOPS Card.get_model happily allows arbitrary code execution High
CVE-2025-54886 was published for skops (pip) Aug 7, 2025
io-no
Credited to io-no
XGrammar affected by Denial of Service by infinite recursion grammars High
CVE-2025-57809 was published for xgrammar (pip) Aug 25, 2025
xendo
Credited to xendo
Neo4j Cypher MCP server is vulnerable to DNS rebinding High
CVE-2025-10193 was published for mcp-neo4j-cypher (pip) Sep 11, 2025
eharris128
Credited to eharris128
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation High
CVE-2025-57817 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher erosselli
daveqnet
Credited to thabofletcher, erosselli, and daveqnet
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload High
CVE-2025-58180 was published for octoprint (pip) Sep 9, 2025
prabhatverma47
Credited to prabhatverma47
Duplicate Advisory: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded. High
GHSA-77wq-646f-jrm2 was published for keras (pip) Sep 19, 2025 withdrawn
The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded. High
CVE-2025-9905 was published for keras (pip) Sep 19, 2025
io-no
Credited to io-no
Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) High
CVE-2025-59420 was published for authlib (pip) Sep 22, 2025
AL-Cybision
Credited to AL-Cybision
Keras is vulnerable to Deserialization of Untrusted Data High
CVE-2025-9906 was published for keras (pip) Sep 19, 2025
cai0duque
Credited to cai0duque
MONAI does not prevent path traversal, potentially leading to arbitrary file writes High
CVE-2025-58755 was published for monai (pip) Sep 9, 2025
h3rrr
Credited to h3rrr
MONAI: Unsafe torch usage may lead to arbitrary code execution High
CVE-2025-58756 was published for monai (pip) Sep 9, 2025
h3rrr
Credited to h3rrr
Monai: Unsafe use of Pickle deserialization may lead to RCE High
CVE-2025-58757 was published for monai (pip) Sep 9, 2025
h3rrr
Credited to h3rrr
xml2rfc has an arbitrary file read vulnerability High
CVE-2025-11058 was published for xml2rfc (pip) Aug 26, 2025
xml2rfc is vulnerable to arbitrary file reads through prepped files High
CVE-2025-11059 was published for xml2rfc (pip) Sep 10, 2025
llama-index-core insecurely handles temporary files High
CVE-2025-7647 was published for llama-index-core (pip) Sep 27, 2025
MLFlow unsafe deserialization High
CVE-2024-37059 was published for mlflow (pip) Jun 4, 2024
Request smuggling leading to endpoint restriction bypass in Gunicorn High
CVE-2024-1135 was published for gunicorn (pip) Apr 16, 2024
Gunicorn HTTP Request/Response Smuggling vulnerability High
CVE-2024-6827 was published for gunicorn (pip) Mar 20, 2025
xzpjerry
Credited to xzpjerry
Django vulnerable to SQL injection in column aliases High
CVE-2025-59681 was published for django (pip) Oct 1, 2025
ExecuTorch vulnerable to Heap-based Buffer Overflow attack High
CVE-2025-30402 was published for executorch (Maven) Jul 11, 2025
Fidget-Grep
Credited to Fidget-Grep
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database