Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,781
Maven
5,000+
npm
4,386
NuGet
772
pip
4,164
Pub
12
RubyGems
965
Rust
1,073
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,586 advisories

Loading
Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter High
GHSA-46h3-79wf-xr6c was published for picklescan (pip) Dec 30, 2025
CoolwindHF
Credited to CoolwindHF
Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller High
GHSA-955r-x9j8-7rhh was published for picklescan (pip) Dec 30, 2025
CoolwindHF
Credited to CoolwindHF
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef High
GHSA-rrxm-2pvv-m66x was published for picklescan (pip) Dec 30, 2025
ac0d3r Lyutoon
Credited to ac0d3r and Lyutoon
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval High
GHSA-3329-ghmp-jmv5 was published for picklescan (pip) Dec 29, 2025
CoolwindHF
Credited to CoolwindHF
Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller High
GHSA-x843-g5mx-g377 was published for picklescan (pip) Dec 29, 2025
CoolwindHF
Credited to CoolwindHF
Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef High
GHSA-r8g5-cgf2-4m4m was published for picklescan (pip) Dec 29, 2025
Picklescan Bypasses Unsafe Globals Check using pty.spawn High
GHSA-hgrh-qx5j-jfwx was published for picklescan (pip) Dec 29, 2025
yarienkiva
Credited to yarienkiva
Picklescan missing detection when calling pty.spawn High
GHSA-vqmv-47xg-9wpr was published for picklescan (pip) Dec 29, 2025
0x00nier
Credited to 0x00nier
Picklescan has Incomplete List of Disallowed Inputs High
GHSA-84r2-jw7c-4r5q was published for picklescan (pip) Dec 29, 2025
0x-Apollyon
Credited to 0x-Apollyon
Picklescan does not block ctypes High
GHSA-4675-36f9-wf6r was published for picklescan (pip) Dec 29, 2025
0x-Apollyon
Credited to 0x-Apollyon
Picklescan vulnerable to Arbitrary File Writing High
GHSA-m273-6v24-x4m4 was published for picklescan (pip) Dec 29, 2025
0x-Apollyon
Credited to 0x-Apollyon
FastMCP updated to MCP 1.23+ due to CVE-2025-66416 High
GHSA-rcfx-77hg-w2wv was published for fastmcp (pip) Dec 26, 2025
phvalguima
Credited to phvalguima
lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load() High
CVE-2025-67729 was published for lmdeploy (pip) Dec 26, 2025
yueyueL
Credited to yueyueL
External Control of File Name or Path in Langflow High
CVE-2025-68478 was published for langflow (pip) Dec 19, 2025
J1vvoo
Credited to J1vvoo
Langflow vulnerable to Server-Side Request Forgery High
CVE-2025-68477 was published for langflow (pip) Dec 19, 2025
im-soohyun
Credited to im-soohyun
Weblate has an arbitrary file read via symbolic links High
CVE-2025-68279 was published for Weblate (pip) Dec 18, 2025
secjson nijel
Credited to secjson and nijel
nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows High
CVE-2025-53000 was published for nbconvert (pip) Dec 18, 2025
dlqqq krassowski
yohannslm
Credited to dlqqq, krassowski, and yohannslm
Fickling has Code Injection vulnerability via pty.spawn() High
CVE-2025-67748 was published for fickling (pip) Dec 15, 2025
0x00nier
Credited to 0x00nier
Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list High
CVE-2025-67747 was published for fickling (pip) Dec 15, 2025
0x00nier
Credited to 0x00nier
Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification High
CVE-2025-14542 was published for utcp (pip) Dec 13, 2025
LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method High
CVE-2025-67644 was published for langgraph-checkpoint-sqlite (pip) Dec 10, 2025
VladimirEliTokarev yardenporat353
hawkeyetw
Credited to VladimirEliTokarev, yardenporat353, and hawkeyetw
NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read High
CVE-2025-66645 was published for nicegui (pip) Dec 9, 2025
y4rvin evnchn
falkoschindler
Credited to y4rvin, evnchn, and falkoschindler
urllib3 streaming API improperly handles highly compressed data High
CVE-2025-66471 was published for urllib3 (pip) Dec 5, 2025
illia-v pquentin
sethmlarson Cycloctane stamparm
Credited to illia-v, pquentin, sethmlarson, Cycloctane, and stamparm
urllib3 allows an unbounded number of links in the decompression chain High
CVE-2025-66418 was published for urllib3 (pip) Dec 5, 2025
illia-v sethmlarson
pquentin
Credited to illia-v, sethmlarson, and pquentin
Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web High
CVE-2025-65958 was published for open-webui (pip) Dec 4, 2025
teolines
Credited to teolines
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database