GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
12 advisories
lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
High
CVE-2026-46517
was published
for
lmdeploy
(pip)
May 21, 2026
Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
Moderate
CVE-2026-45396
was published
for
open-webui
(pip)
May 14, 2026
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
High
CVE-2026-34445
was published
for
onnx
(pip)
Apr 1, 2026
SimpleEval: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox
High
CVE-2026-32640
was published
for
simpleeval
(pip)
Mar 13, 2026
django-unicorn affected by component state manipulation via unvalidated attribute access
Moderate
CVE-2026-31815
was published
for
django-unicorn
(pip)
Mar 11, 2026
Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc
High
CVE-2025-70559
was published
for
pdfminer.six
(pip)
Nov 7, 2025
DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more
Critical
CVE-2025-58367
was published
for
deepdiff
(pip)
Sep 3, 2025
Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks
High
CVE-2025-30358
was published
for
mesop
(pip)
Mar 27, 2025
Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass
Critical
CVE-2025-24370
was published
for
django-unicorn
(pip)
Feb 3, 2025
Remote code execution in pytorch lightning
Critical
CVE-2024-5452
was published
for
lightning
(pip)
Jun 6, 2024
ProTip!
Advisories are also available from the
GraphQL API