GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,260 advisories

Unfurl's debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure) Critical
GHSA-vg9h-jx4v-cwx2 was published for dfir-unfurl (pip) Jan 29, 2026
Credited to mobasi-team
Unfurl's unbounded zlib decompression allows decompression bomb DoS Moderate
GHSA-h5qv-qjv4-pc5m was published for dfir-unfurl (pip) Jan 29, 2026
Credited to mobasi-team
AutoGPT is Vulnerable to RCE via Disabled Block Execution Critical
CVE-2026-24780 was published for agpt (pip) Jan 29, 2026
Credited to rahulgovind
vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector High
CVE-2026-24779 was published for vllm (pip) Jan 28, 2026
Credited to leishilong, leung-yao, Isotr0py, and russellb
TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF) Moderate
GHSA-gpx9-96j6-pp87 was published for agentos-taskweaver (pip) Jan 28, 2026
Credited to nnfrog
PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files High
CVE-2026-24747 was published for pytorch (pip) Jan 27, 2026
Credited to azraelxuemo
OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication Moderate
CVE-2026-23892 was published for OctoPrint (pip) Jan 27, 2026
Credited to yueyueL
askbot inexhaustive permissions check allows any user to modify a different user's profile picture Moderate
CVE-2026-1213 was published for askbot (pip) Jan 27, 2026
pypdf has possible Infinite Loop when processing outlines/bookmarks Moderate
CVE-2026-24688 was published for pypdf (pip) Jan 26, 2026
Credited to JoakimBulow and stefan6419846
MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field High
CVE-2026-24490 was published for mobsf (pip) Jan 26, 2026
Credited to smaranchand
Gakido vulnerable to HTTP Header Injection (CRLF Injection) Moderate
CVE-2026-24489 was published for gakido (pip) Jan 26, 2026
Credited to omarkurt
Python-Multipart has Arbitrary File Write via Non-Default Configuration High
CVE-2026-24486 was published for python-multipart (pip) Jan 26, 2026
Credited to mwlik and imenyoo2
sigstore CSRF possibility in OIDC authentication during signing Low
CVE-2026-24408 was published for sigstore (pip) Jan 26, 2026
Credited to jku
GI-DocGen vulnerable to Reflected XSS via unescaped query strings Moderate
CVE-2025-11687 was published for gi-docgen (pip) Jan 26, 2026
BentoML has a Path Traversal via Bentofile Configuration High
CVE-2026-24123 was published for bentoml (pip) Jan 26, 2026
Credited to logicx24
dcap-qvl has Missing Verification for QE Identity Critical
CVE-2026-22696 was published for @phala/dcap-qvl (npm) Jan 26, 2026
protobuf affected by a JSON recursion depth bypass High
CVE-2026-0994 was published for protobuf (pip) Jan 23, 2026
Sentencepiece has a heap overflow issue High
CVE-2026-1260 was published for sentencepiece (pip) Jan 22, 2026
orjson does not limit recursion for deeply nested JSON documents Moderate
CVE-2025-67221 was published for orjson (pip) Jan 22, 2026
Credited to jrafkind-ai
Moonraker affected by LDAP search filter injection Low
CVE-2026-24130 was published for moonraker (pip) Jan 22, 2026
Credited to solovvway
Wheel Affected by Arbitrary File Permission Modification via Path Traversal in wheel unpack High
CVE-2026-24049 was published for wheel (pip) Jan 22, 2026
Credited to kilkat, henryiii, agronholm, and frenzymadness
docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage High
CVE-2026-24009 was published for docling-core (pip) Jan 22, 2026
Credited to avioligo, vagenas, PeterStaar-IBM, dolfim-ibm, and tiran
FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection Low
CVE-2026-23996 was published for fastapi-api-key (pip) Jan 21, 2026
Credited to cbrown1234 and sisp