Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,464
Erlang
33
GitHub Actions
22
Go
2,163
Maven
5,000+
npm
3,821
NuGet
696
pip
3,502
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,502 advisories

Loading
Rembg CORS misconfiguration High
CVE-2025-25302 was published for rembg (pip) Mar 11, 2025
Rembg allows SSRF via /api/remove Moderate
CVE-2025-25301 was published for rembg (pip) Mar 11, 2025
Azure PromptFlow remote code execution related to Jinja templates Moderate
CVE-2025-24986 was published for promptflow-core (pip) Mar 11, 2025
Arbitrary Code Execution via Crafted Keras Config for Model Loading High
CVE-2025-1550 was published for keras (pip) Mar 11, 2025
io-no
Duplicate Advisory: Keras arbitrary code execution vulnerability High
GHSA-5478-v2w6-c6q7 was published for keras (pip) Mar 11, 2025 withdrawn
Vyper: reversed order of side effects for some operations Moderate
CVE-2023-40015 was published for vyper (pip) Sep 4, 2023
trocher
PlotAI eval vulnerability Critical
CVE-2025-1497 was published for plotai (pip) Mar 10, 2025
Duplicate Advisory: Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch Moderate
GHSA-2fh4-gpch-vqv4 was published for picklescan (pip) Mar 10, 2025 withdrawn
Zip Exploit Crashes Picklescan But Not PyTorch Moderate
CVE-2025-1944 was published for picklescan (pip) Mar 10, 2025
madgetr axsonatype
Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch Moderate
CVE-2025-1945 was published for picklescan (pip) Mar 10, 2025
madgetr axsonatype
Duplicate Advisory: Zip Exploit Crashes Picklescan But Not PyTorch Moderate
GHSA-w6mr-mj53-x258 was published for picklescan (pip) Mar 10, 2025 withdrawn
Open redirect in web2py Moderate
CVE-2023-22432 was published for web2py (pip) Mar 6, 2023
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB High
CVE-2023-29005 was published for Flask-AppBuilder (pip) Apr 10, 2023
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2022-21659 was published for Flask-AppBuilder (pip) Feb 1, 2022
SamWheating
Improper Authentication in Flask-AppBuilder High
CVE-2021-41265 was published for Flask-AppBuilder (pip) Dec 9, 2021
Flask-AppBuilder Open Redirect vulnerability Moderate
CVE-2021-32805 was published for Flask-AppBuilder (pip) Sep 8, 2021
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2021-29621 was published for Flask-AppBuilder (pip) May 27, 2021
Django vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2025-26699 was published for Django (pip) Mar 6, 2025
ray vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2025-1979 was published for ray (pip) Mar 6, 2025
Spacy-LLM Server-Side Template Injection (SSTI) vulnerability High
CVE-2025-25362 was published for spacy-llm (pip) Mar 5, 2025
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis Moderate
CVE-2025-1716 was published for picklescan (pip) Mar 3, 2025
madgetr
PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions Moderate
CVE-2025-1889 was published for picklescan (pip) Mar 3, 2025
madgetr
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method Moderate
CVE-2025-27516 was published for Jinja2 (pip) Mar 5, 2025
securingapps
dmlc/dgl Vulnerable to Remote Code Execution by Pickle Deserialization via rpc.recv_request() High
GHSA-3x5x-fw77-g54c was published for dgl (pip) Mar 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database