GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,304 advisories
Langroid has a Code Injection vulnerability in TableChatAgent
Critical
CVE-2025-46724
was published
for
langroid
(pip)
May 20, 2025
vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
Critical
CVE-2025-47277
was published
for
vllm
(pip)
May 20, 2025
InvokeAI Deserialization of Untrusted Data vulnerability
Critical
CVE-2024-12029
was published
for
InvokeAI
(pip)
Mar 21, 2025
samlify SAML Signature Wrapping attack
Critical
CVE-2025-47949
was published
for
samlify
(npm)
May 19, 2025
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9fwj-9mjf-rhj3
was published
for
auth0/login
(Composer)
May 17, 2025
Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-2f4r-34m4-3w8q
was published
for
auth0/wordpress
(Composer)
May 17, 2025
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9wg9-93h9-j8ch
was published
for
auth0/symfony
(Composer)
May 17, 2025
Forgeable Encrypted Session Cookie in Apps Using Auth0-PHP SDK
Critical
CVE-2025-47275
was published
for
auth0/auth0-php
(Composer)
May 16, 2025
ThinkAdmin insecure unserialize vulnerability
Critical
CVE-2020-23653
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
OPKSSH Vulnerable to Authentication Bypass
Critical
CVE-2025-4658
was published
for
github.com/openpubkey/opkssh
(Go)
May 13, 2025
OpenPubkey Vulnerable to Authentication Bypass
Critical
CVE-2025-3757
was published
for
github.com/openpubkey/openpubkey
(Go)
May 13, 2025
Deserialization of Untrusted Data in Bouncy castle
Critical
CVE-2018-1000613
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API