Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,617
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

63 advisories

Loading
Rack has a Possible Information Disclosure Vulnerability Moderate
CVE-2025-61780 was published for rack (RubyGems) Oct 10, 2025
leahneukirchen jeremyevans
matthewd ioquatix
Credited to leahneukirchen, jeremyevans, matthewd, and ioquatix
The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded. High
CVE-2025-9905 was published for keras (pip) Sep 19, 2025
io-no
Credited to io-no
Duplicate Advisory: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded. High
GHSA-77wq-646f-jrm2 was published for keras (pip) Sep 19, 2025 withdrawn
An unauthenticated remote attacker can alter the device configuration in a way to get remote code... Critical Unreviewed
CVE-2025-25270 was published Jul 8, 2025
Crafter Studio Groovy Sandbox Bypass High
CVE-2025-6384 was published for org.craftercms:crafter-studio (Maven) Jun 19, 2025
A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic... Low Unreviewed
CVE-2025-6107 was published Jun 16, 2025
NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use,... Moderate Unreviewed
CVE-2025-46673 was published Apr 27, 2025
In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to... Low Unreviewed
CVE-2025-46675 was published Apr 27, 2025
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability Moderate
CVE-2025-31674 was published for drupal/core (Composer) Apr 1, 2025
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by... High Unreviewed
CVE-2022-31764 was published Feb 6, 2025
Sentry SDK Prototype Pollution gadget in JavaScript SDKs Moderate
GHSA-593m-55hh-j8gv was published for @sentry/browser (npm) Oct 3, 2024
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a... High Unreviewed
CVE-2024-7297 was published Jul 30, 2024
dbt has an implicit override for built-in materializations from installed packages Low
CVE-2024-40637 was published for dbt-core (pip) Jul 17, 2024
brabster
Credited to brabster
Langflow remote code execution vulnerability High
CVE-2024-37014 was published for langflow (pip) Jun 10, 2024
Remote code execution in pytorch lightning Critical
CVE-2024-5452 was published for lightning (pip) Jun 6, 2024
colbybr
Credited to colbybr
Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on... Moderate Unreviewed
CVE-2024-2537 was published Mar 15, 2024
RPyC's missing security check results in code execution when using numpy.array on the server-side. High
CVE-2024-27758 was published for rpyc (pip) Mar 6, 2024
renbou comrumino
Credited to renbou and comrumino
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross... Moderate Unreviewed
CVE-2023-6184 was published Jan 18, 2024
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable... High Unreviewed
CVE-2023-31032 was published Jan 12, 2024
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically... Critical Unreviewed
CVE-2023-43177 was published Nov 18, 2023
Eclipse Glassfish remote code execution issue Moderate
CVE-2023-5763 was published for org.glassfish.main.orb:orb-connector (Maven) Nov 3, 2023
TorchServe Pre-Auth Remote Code Execution Critical
GHSA-4mqg-h5jf-j9m7 was published for torchserve (pip) Oct 2, 2023
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the... Moderate Unreviewed
CVE-2023-39983 was published Sep 2, 2023
RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape High
CVE-2023-37271 was published for RestrictedPython (pip) Jul 10, 2023
loechel Quasar0147
despawningbone dataflake nneonneo
Credited to loechel, Quasar0147, despawningbone, dataflake, and nneonneo
SpiceDB's LookupResources may return partial results Low
CVE-2023-35930 was published for github.com/authzed/spicedb (Go) Jun 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database