GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
Moderate
CVE-2026-21851
was published
for
monai
(pip)
Jan 6, 2026
lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
High
CVE-2025-67729
was published
for
lmdeploy
(pip)
Dec 26, 2025
Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Moderate
CVE-2025-67743
was published
for
local-deep-research
(pip)
Dec 23, 2025
Fedify has ReDoS Vulnerability in HTML Parsing Regex
High
CVE-2025-68475
was published
for
@fedify/fedify
(npm)
Dec 22, 2025
systeminformation has a Command Injection vulnerability in fsSize() function on Windows
High
CVE-2025-68154
was published
for
systeminformation
(npm)
Dec 16, 2025
Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter
High
CVE-2025-68150
was published
for
parse-server
(npm)
Dec 16, 2025
@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint
High
CVE-2025-68155
was published
for
@vitejs/plugin-rsc
(npm)
Dec 16, 2025
Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables
Moderate
CVE-2025-68115
was published
for
parse-server
(npm)
Dec 16, 2025
Pyrofork has a Path Traversal in download_media Method
Moderate
CVE-2025-67720
was published
for
pyrofork
(pip)
Dec 10, 2025
Open Redirect Vulnerability in Taguette
Moderate
CVE-2025-67502
was published
for
taguette
(pip)
Dec 9, 2025
Spotipy has a XSS vulnerability in its OAuth callback server
Low
CVE-2025-66040
was published
for
spotipy
(pip)
Dec 1, 2025
ProTip!
Advisories are also available from the
GraphQL API