GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
630 advisories
vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
Critical
CVE-2025-47277
was published
for
vllm
(pip)
May 20, 2025
Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
High
CVE-2025-30165
was published
for
vllm
(pip)
May 6, 2025
vLLM Vulnerable to Remote Code Execution via Mooncake Integration
Critical
CVE-2025-32444
was published
for
vllm
(pip)
Apr 29, 2025
LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
Moderate
CVE-2025-46567
was published
for
llamafactory
(pip)
Apr 23, 2025
Wazuh server vulnerable to remote code execution
Critical
CVE-2025-24016
was published
for
github.com/wazuh/wazuh
(Go)
Apr 22, 2025
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
Critical
CVE-2025-32434
was published
for
torch
(pip)
Apr 18, 2025
BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
Critical
CVE-2025-32375
was published
for
bentoml
(pip)
Apr 9, 2025
Picklescan failed to detect to some unsafe global function in Numpy library
Moderate
GHSA-fj43-3qmq-673f
was published
for
picklescan
(pip)
Apr 7, 2025
BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
Critical
CVE-2025-27520
was published
for
bentoml
(pip)
Apr 4, 2025
jooby-pac4j: deserialization of untrusted data
High
CVE-2025-31129
was published
for
io.jooby:jooby-pac4j
(Maven)
Apr 1, 2025
InvokeAI Deserialization of Untrusted Data vulnerability
Critical
CVE-2024-12029
was published
for
InvokeAI
(pip)
Mar 21, 2025
Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form
High
CVE-2025-30160
was published
for
redlib
(Rust)
Mar 21, 2025
vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object
Critical
CVE-2024-9052
was published
for
vllm
(pip)
Mar 20, 2025
Withdrawn Advisory: PyTorch deserialization vulnerability
Critical
CVE-2024-7804
was published
for
torch
(pip)
Mar 20, 2025
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API