Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,801
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,010
NuGet
720
pip
3,810
Pub
12
RubyGems
930
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

487 advisories

Loading
Unsafe yaml deserialization in llama-hub Critical
CVE-2024-23730 was published for llama-hub (pip) Jan 21, 2024
r3kumar
llama_index vulnerable to SQL Injection Critical
CVE-2025-1793 was published for llama-index (pip) Jun 5, 2025
Malayke
BackendAI Missing Authentication for Critical Function Critical
CVE-2025-49652 was published for backend.ai (pip) Jun 9, 2025
Salt vulnerable to directory traversal attack in file receiving method Critical
CVE-2024-38824 was published for salt (pip) Jun 13, 2025
Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint Critical
GHSA-c995-4fw3-j39m was published for langflow (pip) Apr 7, 2025 withdrawn
Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator Critical
CVE-2025-50213 was published for apache-airflow-providers-snowflake (pip) Jun 26, 2025
rfc3161-client has insufficient verification for timestamp response signatures Critical
CVE-2025-52556 was published for rfc3161-client (pip) Jun 20, 2025
jku woodruffw
Langflow Unauth RCE Critical
CVE-2025-3248 was published for langflow (pip) Jun 17, 2025
chximn-dt
vLLM Allows Remote Code Execution via Mooncake Integration Critical
CVE-2025-29783 was published for vllm (pip) Mar 19, 2025
JosephTLucas russellb
kexinoh
Apache IoTDB Vulnerable to Remote Code Execution Critical
CVE-2024-24780 was published for apache-iotdb (Maven) May 14, 2025
Python Swift client is vulnerable to Missing SSL Certificate Check Critical
CVE-2013-6396 was published for python-swiftclient (pip) May 17, 2022
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database