GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 73; GitHub Actions 53; Go 4,004; Maven 5,000+; npm 5,000+; NuGet 974; pip 5,000+; Pub 13; RubyGems 1,069; Rust 1,395; Swift 61
Unreviewed advisories: All unreviewed 5,000+
455 advisories
Tornado has out-of-bounds memory access via C extension
Severity: Low. CVE-2026-49854 was published for tornado (pip) on Jun 12, 2026.

Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`
Severity: Low. CVE-2026-47712 was published for dulwich (pip) on Jun 8, 2026.

Crawlee for Python: SSRF via sitemap-derived URLs
Severity: Low. CVE-2026-46497 was published for crawlee (pip) on May 21, 2026.

PyTorch is vulnerable to memory corruption through its torch.lstm_cell function
Severity: Low. CVE-2025-3001 was published for torch (pip) on Mar 31, 2025.

PyTorch is vulnerable to memory corruption through its torch.jit.script function
Severity: Low. CVE-2025-3000 was published for torch (pip) on Mar 31, 2025.

PyTorch: Manipulation of the argument scale/zero_point leads to improper initialization via Quantized Sigmoid Module
Severity: Low. CVE-2025-2149 was published for torch (pip) on Mar 10, 2025.

PyTorch Tuple Handler is Vulnerable to Memory Corruption through Manipulation of None Argument
Severity: Low. CVE-2025-2148 was published for torch (pip) on Mar 10, 2025.

pywasm3 has Improper Restriction of Operations within the Bounds of a Memory Buffer
Severity: Low. CVE-2025-6272 was published for pywasm3 (pip) on Jun 19, 2025.

pretix has Email Content Injection Through Maliciously Formatted Names
Severity: Low. CVE-2025-13742 was published for pretix (pip) on Nov 27, 2025.

Nautobot missing object-level permissions enforcement when running Job Buttons
Severity: Low. CVE-2023-51649 was published for nautobot (pip) on Dec 22, 2023.

OpenStack Keystone: Restricted application credentials can create EC2 credentials
Severity: Low. CVE-2026-33551 was published for keystone (pip) on Apr 10, 2026.

Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Severity: Low. CVE-2026-45739 was published for strawberry-graphql (pip) on May 19, 2026.

Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed
Severity: Low. CVE-2026-42448 was published for magic-wormhole (pip) on May 6, 2026.

WebSSH Cross-site Scripting vulnerability
Severity: Low. CVE-2025-7885 was published for webssh (pip) on Jul 20, 2025.

Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control
Severity: Low. CVE-2025-65681 was published for tutor (pip) on Nov 26, 2025.

Vantage6 Server JWT secret not cryptographically secure
Severity: Low. CVE-2025-43866 was published for vantage6-server (pip) on Jun 12, 2025.

vantage6 lacks brute-force protection on change password functionality
Severity: Low. CVE-2025-43863 was published for vantage6 (pip) on Jun 12, 2025.

PyTorch susceptible to local Denial of Service
Severity: Low. CVE-2025-2953 was published for torch (pip) on Mar 30, 2025.

Apache Spark has Inadequate Encryption Strength
Severity: Low. CVE-2025-55039 was published for org.apache.spark:spark-network-common_2.12 (Maven) on Oct 15, 2025.

langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
Severity: Low. CVE-2026-41488 was published for langchain-openai (pip) on Apr 16, 2026.

MindsDB affected by a SSRF vulnerability
Severity: Low. CVE-2026-2531 was published for MindsDB (pip) on Feb 16, 2026.

Mayan EDMS has an Open Redirect through the /authentication/ file
Severity: Low. CVE-2025-14692 was published for mayan-edms (pip) on Dec 15, 2025.

Mayan EDMS is vulnerable to XSS through the /authentication/ file
Severity: Low. CVE-2025-14691 was published for mayan-edms (pip) on Dec 15, 2025.

Weblate leaks the IP of project member inviting user to be reviewer in Audit log
Severity: Low. CVE-2025-64326 was published for weblate (pip) on Nov 5, 2025.

LIEF obtain sensitive information via the name parameter
Severity: Low. CVE-2024-31636 was published for lief (pip) on May 3, 2024.

ProTip! Advisories are also available from the GraphQL API.