Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,800
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,805
Pub
12
RubyGems
927
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,805 advisories

Loading
ExecuTorch vulnerable to Heap-based Buffer Overflow attack High
CVE-2025-30402 was published for executorch (pip) Jul 11, 2025
Transformers is vulnerable to ReDoS attack through its DonutProcessor class Moderate
CVE-2025-3933 was published for transformers (pip) Jul 11, 2025
LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class Moderate
CVE-2025-6211 was published for llama-index (pip) Jul 10, 2025
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages High
CVE-2025-7346 was published for pyload-ng (pip) Jul 8, 2025
PinkDraconian
Duplicate Advisory: GHSA-x698-5hjm-w2m5 High
GHSA-2wcm-vx67-3x4q was published for pyload-ng (pip) Jul 8, 2025 withdrawn
fastapi-guard is vulnerable to ReDoS through inefficient regex Moderate
CVE-2025-53539 was published for fastapi-guard (pip) Jul 7, 2025
Cycloctane rennf93
Dagster vulnerable to Path Traversal attack through its /logs endpoint Moderate
CVE-2023-51232 was published for dagster (pip) Jul 7, 2025
LlamaIndex vulnerable to Path Traversal attack through its encode_image function High
CVE-2025-6209 was published for llama-index-core (pip) Jul 7, 2025
LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing Moderate
CVE-2025-5472 was published for llama-index-core (pip) Jul 7, 2025
LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit Moderate
CVE-2025-6210 was published for llama-index-readers-obsidian (pip) Jul 7, 2025
Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function High
CVE-2025-6386 was published for lollms (pip) Jul 7, 2025
LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions Moderate
CVE-2025-3044 was published for llama-index-readers-papers (pip) Jul 7, 2025
LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class High
CVE-2025-3046 was published for llama-index-readers-obsidian (pip) Jul 7, 2025
LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser High
CVE-2025-3225 was published for llama-index-readers-papers (pip) Jul 7, 2025
Transformers vulnerable to ReDoS attack through its SETTING_RE variable Moderate
CVE-2025-3262 was published for transformers (pip) Jul 7, 2025
Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking Moderate
CVE-2025-3263 was published for transformers (pip) Jul 7, 2025
Transformers vulnerable to ReDoS attack through its get_imports() function Moderate
CVE-2025-3264 was published for transformers (pip) Jul 7, 2025
Transformers's Improper Input Validation vulnerability can be exploited through username injection Low
CVE-2025-3777 was published for transformers (pip) Jul 7, 2025
LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component Moderate
CVE-2025-3108 was published for llama-index-core (pip) Jul 7, 2025
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS High
CVE-2025-53366 was published for mcp (pip) Jul 4, 2025
rharang
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service High
CVE-2025-53365 was published for mcp (pip) Jul 4, 2025
rharang
Pillow vulnerability can cause write buffer overflow on BCn encoding High
CVE-2025-48379 was published for pillow (pip) Jul 1, 2025
HKUDS LightRAG allows Path Traversal via function upload_to_input_dir Moderate
CVE-2025-6773 was published for lightrag-hku (pip) Jun 27, 2025
MobSF vulnerability allows SSRF due to the allow_redirects=True parameter High
CVE-2024-54000 was published for mobsf (pip) Jun 27, 2025
bulutenes aydinnyunus
LLaMA-Factory allows Code Injection through improper vhead_file safeguards High
CVE-2025-53002 was published for llamafactory (pip) Jun 27, 2025
LianKee
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database