Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,796
Maven
5,000+
npm
4,410
NuGet
772
pip
4,181
Pub
12
RubyGems
965
Rust
1,078
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,181 advisories

Loading
loggingredactor converts non-string types to string types in logs Low
CVE-2026-22041 was published for loggingredactor (pip) Jan 7, 2026
armurox
Credited to armurox
Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API) High
CVE-2026-21441 was published for urllib3 (pip) Jan 7, 2026
illia-v pquentin
sethmlarson
Credited to illia-v, pquentin, and sethmlarson
Parsl Monitoring Visualization Vulnerable to SQL Injection Moderate
CVE-2026-21892 was published for parsl (pip) Jan 6, 2026
viralvaghela
Credited to viralvaghela
Bokeh server applications have Incomplete Origin Validation in WebSockets Moderate
CVE-2026-21883 was published for bokeh (pip) Jan 6, 2026
katzj
Credited to katzj
MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download Moderate
CVE-2026-21851 was published for monai (pip) Jan 6, 2026
yueyueL
Credited to yueyueL
AIOHTTP Vulnerable to Cookie Parser Warning Storm Low
CVE-2025-69230 was published for aiohttp (pip) Jan 5, 2026
Finder16
Credited to Finder16
AIOHTTP vulnerable to DoS through chunked messages Moderate
CVE-2025-69229 was published for aiohttp (pip) Jan 5, 2026
Finder16
Credited to Finder16
AIOHTTP vulnerable to denial of service through large payloads Moderate
CVE-2025-69228 was published for aiohttp (pip) Jan 5, 2026
ThomasRinsma Finder16
Credited to ThomasRinsma and Finder16
AIOHTTP vulnerable to DoS when bypassing asserts Moderate
CVE-2025-69227 was published for aiohttp (pip) Jan 5, 2026
ThomasRinsma
Credited to ThomasRinsma
AIOHTTP vulnerable to brute-force leak of internal static file path components Low
CVE-2025-69226 was published for aiohttp (pip) Jan 5, 2026
ThomasRinsma
Credited to ThomasRinsma
AIOHTTP has unicode match groups in regexes for ASCII protocol elements Low
CVE-2025-69225 was published for aiohttp (pip) Jan 5, 2026
ThomasRinsma
Credited to ThomasRinsma
AIOHTTP's unicode processing of header values could cause parsing discrepancies Low
CVE-2025-69224 was published for aiohttp (pip) Jan 5, 2026
ThomasRinsma
Credited to ThomasRinsma
AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb High
CVE-2025-69223 was published for aiohttp (pip) Jan 5, 2026
charleswhchan
Credited to charleswhchan
badkeys vulnerable to ASCII control character injection on console via malformed input Low
CVE-2026-21439 was published for badkeys (pip) Jan 5, 2026
hannob
Credited to hannob
Langflow Missing Authentication on Critical API Endpoints High
CVE-2026-21445 was published for langflow (pip) Jan 2, 2026
kj84park juh0ng
Credited to kj84park and juh0ng
Feast vulnerable to Deserialization of Untrusted Data High
CVE-2025-11157 was published for feast (pip) Jan 1, 2026
CBORDecoder reuse can leak shareable values across decode calls Moderate
CVE-2025-68131 was published for cbor2 (pip) Dec 31, 2025
andreer Pastea
Credited to andreer and Pastea
libsodium has Incomplete List of Disallowed Inputs Moderate
CVE-2025-69277 was published for PyNaCl (Composer) Dec 31, 2025
Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter High
GHSA-46h3-79wf-xr6c was published for picklescan (pip) Dec 30, 2025
CoolwindHF
Credited to CoolwindHF
Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller High
GHSA-955r-x9j8-7rhh was published for picklescan (pip) Dec 30, 2025
CoolwindHF
Credited to CoolwindHF
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length Moderate
GHSA-6556-fwc2-fg2p was published for picklescan (pip) Dec 30, 2025
ac0d3r Lyutoon
Credited to ac0d3r and Lyutoon
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef High
GHSA-rrxm-2pvv-m66x was published for picklescan (pip) Dec 30, 2025
ac0d3r Lyutoon
Credited to ac0d3r and Lyutoon
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval Moderate
GHSA-cffc-mxrf-mhh4 was published for picklescan (pip) Dec 29, 2025
CoolwindHF
Credited to CoolwindHF
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval High
GHSA-3329-ghmp-jmv5 was published for picklescan (pip) Dec 29, 2025
CoolwindHF
Credited to CoolwindHF
Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller High
GHSA-x843-g5mx-g377 was published for picklescan (pip) Dec 29, 2025
CoolwindHF
Credited to CoolwindHF
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database