Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,722
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,947
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,510 advisories

Loading
vLLM allows clients to crash the openai server with invalid regex Moderate
GHSA-9hcf-v7m4-6m2j was published for vllm (pip) May 28, 2025
g-eoj russellb
Jason-CKY
vLLM Tool Schema allows DoS via Malformed pattern and type Fields Moderate
GHSA-vrq3-r879-7m65 was published for vllm (pip) May 28, 2025
russellb Jason-CKY
multicast in source builds from vulnerable setuptools dependency Moderate
GHSA-94v7-wxj6-r2q5 was published for multicast (pip) May 28, 2025
PyTorch Improper Resource Shutdown or Release vulnerability Moderate
CVE-2025-3730 was published for torch (pip) Apr 16, 2025
vLLM vulnerable to Regular Expression Denial of Service Moderate
GHSA-j828-28rj-hfhp was published for vllm (pip) May 28, 2025
kexinoh russellb
mgoin
vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py` Moderate
GHSA-w6q7-j642-7c25 was published for vllm (pip) May 28, 2025
kexinoh russellb
mgoin
vLLM DOS: Remotely kill vllm over http with invalid JSON schema Moderate
GHSA-6qc9-v4r8-22xg was published for vllm (pip) May 28, 2025
derekhiggins Jason-CKY
russellb
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation Moderate
CVE-2025-46722 was published for vllm (pip) May 28, 2025
kexinoh DarkLight1337
russellb
pypickle unsafe deserialization vulnerability Moderate
CVE-2025-5174 was published for pypickle (pip) May 26, 2025
docarray prototype pollution Moderate
CVE-2025-5150 was published for docarray (pip) May 25, 2025
pypickle Incorrect Privilege Assignment vulnerability Moderate
CVE-2025-5175 was published for pypickle (pip) May 26, 2025
PrinceRaj-0
FunAudioLLM InspireMusic deserialization vulnerability Moderate
CVE-2025-5148 was published for inspiremusic (pip) May 25, 2025
Hugging Face Transformers Regular Expression Denial of Service Moderate
CVE-2025-2099 was published for transformers (pip) May 19, 2025
langchain-core allows unauthorized users to read arbitrary files from the host file system Moderate
CVE-2024-10940 was published for langchain-core (pip) Mar 20, 2025
zly123987
Django has a potential denial-of-service vulnerability in IPv6 validation Moderate
CVE-2024-56374 was published for Django (pip) Jan 14, 2025
zly123987
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config Moderate
CVE-2024-26152 was published for label-studio (pip) Feb 22, 2024
isacaya
Flask-CORS improper regex path matching vulnerability Moderate
CVE-2024-6839 was published for flask-cors (pip) Mar 20, 2025
adrianosela
Flask-CORS vulnerable to Improper Handling of Case Sensitivity Moderate
CVE-2024-6866 was published for flask-cors (pip) Mar 20, 2025
adrianosela
Flask-CORS allows for inconsistent CORS matching Moderate
CVE-2024-6844 was published for flask-cors (pip) Mar 20, 2025
adrianosela
OpenCanary Executes Commands From Potentially Writable Config File Moderate
CVE-2024-48911 was published for OpenCanary (pip) Oct 14, 2024
0x0L0RD DavidBakerEffendi
AndreiDreyer
Flask-AppBuilder open redirect vulnerability using HTTP host injection Moderate
CVE-2025-32962 was published for flask-appbuilder (pip) May 16, 2025
mar0n0
Apache Superset Allows Ownership Takeover Moderate
CVE-2025-27696 was published for apache-superset (pip) May 13, 2025
Django has a denial-of-service possibility in strip_tags() Moderate
CVE-2025-32873 was published for Django (pip) May 8, 2025
Mezzanine CMS Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-29573 was published for Mezzanine (pip) May 5, 2025
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database