GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,722
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,947
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
1,510 advisories
Filter by severity
vLLM allows clients to crash the openai server with invalid regex
Moderate
GHSA-9hcf-v7m4-6m2j
was published
for
vllm
(pip)
May 28, 2025
vLLM Tool Schema allows DoS via Malformed pattern and type Fields
Moderate
GHSA-vrq3-r879-7m65
was published
for
vllm
(pip)
May 28, 2025
multicast in source builds from vulnerable setuptools dependency
Moderate
GHSA-94v7-wxj6-r2q5
was published
for
multicast
(pip)
May 28, 2025
PyTorch Improper Resource Shutdown or Release vulnerability
Moderate
CVE-2025-3730
was published
for
torch
(pip)
Apr 16, 2025
vLLM vulnerable to Regular Expression Denial of Service
Moderate
GHSA-j828-28rj-hfhp
was published
for
vllm
(pip)
May 28, 2025
vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
Moderate
GHSA-w6q7-j642-7c25
was published
for
vllm
(pip)
May 28, 2025
vLLM DOS: Remotely kill vllm over http with invalid JSON schema
Moderate
GHSA-6qc9-v4r8-22xg
was published
for
vllm
(pip)
May 28, 2025
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
Moderate
CVE-2025-46722
was published
for
vllm
(pip)
May 28, 2025
pypickle unsafe deserialization vulnerability
Moderate
CVE-2025-5174
was published
for
pypickle
(pip)
May 26, 2025
pypickle Incorrect Privilege Assignment vulnerability
Moderate
CVE-2025-5175
was published
for
pypickle
(pip)
May 26, 2025
FunAudioLLM InspireMusic deserialization vulnerability
Moderate
CVE-2025-5148
was published
for
inspiremusic
(pip)
May 25, 2025
Hugging Face Transformers Regular Expression Denial of Service
Moderate
CVE-2025-2099
was published
for
transformers
(pip)
May 19, 2025
langchain-core allows unauthorized users to read arbitrary files from the host file system
Moderate
CVE-2024-10940
was published
for
langchain-core
(pip)
Mar 20, 2025
Django has a potential denial-of-service vulnerability in IPv6 validation
Moderate
CVE-2024-56374
was published
for
Django
(pip)
Jan 14, 2025
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Moderate
CVE-2024-26152
was published
for
label-studio
(pip)
Feb 22, 2024
Flask-CORS improper regex path matching vulnerability
Moderate
CVE-2024-6839
was published
for
flask-cors
(pip)
Mar 20, 2025
Flask-CORS vulnerable to Improper Handling of Case Sensitivity
Moderate
CVE-2024-6866
was published
for
flask-cors
(pip)
Mar 20, 2025
Flask-CORS allows for inconsistent CORS matching
Moderate
CVE-2024-6844
was published
for
flask-cors
(pip)
Mar 20, 2025
OpenCanary Executes Commands From Potentially Writable Config File
Moderate
CVE-2024-48911
was published
for
OpenCanary
(pip)
Oct 14, 2024
Flask-AppBuilder open redirect vulnerability using HTTP host injection
Moderate
CVE-2025-32962
was published
for
flask-appbuilder
(pip)
May 16, 2025
Apache Superset Allows Ownership Takeover
Moderate
CVE-2025-27696
was published
for
apache-superset
(pip)
May 13, 2025
Django has a denial-of-service possibility in strip_tags()
Moderate
CVE-2025-32873
was published
for
Django
(pip)
May 8, 2025
Mezzanine CMS Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2025-29573
was published
for
Mezzanine
(pip)
May 5, 2025
Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate
CVE-2024-27906
was published
for
apache-airflow
(pip)
Feb 29, 2024
ProTip!
Advisories are also available from the
GraphQL API