
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

469 advisories

Flawfinder output manipulation via untrusted filenames and source text Low
CVE-2026-48813 was published for flawfinder (pip) Jun 26, 2026
PGHoard: Password written to debug log Low
CVE-2026-54711 was published for pghoard (pip) Jun 18, 2026
BBOT: Symlink-Following Arbitrary Write via github_workflows Module Low
CVE-2026-12567 was published for bbot (pip) Jun 18, 2026
Credited to AAtomical and sondt99
Bleach: URI sanitization allows disallowed URI schemes with Unicode > U+00A0 in output Low
GHSA-8rfp-98v4-mmr6 was published for bleach (pip) Jun 16, 2026
Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname Low
CVE-2026-54282 was published for Starlette (pip) Jun 15, 2026
Credited to nic-lovin
python-multipart: Negative Content-Length in parse_form buffers the entire body in memory Low
CVE-2026-53540 was published for python-multipart (pip) Jun 15, 2026
Credited to lullu57 and seok-hee97
python-multipart: Semicolon treated as querystring field separator enables parameter smuggling Low
CVE-2026-53538 was published for python-multipart (pip) Jun 15, 2026
Credited to maxisbey
python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters Low
CVE-2026-53537 was published for python-multipart (pip) Jun 15, 2026
Credited to 0xkakash1 and sammiee5311
aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections Low
CVE-2026-54275 was published for aiohttp (pip) Jun 15, 2026
Credited to denyspakizh-tob and bdraco
aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect Low
CVE-2026-54280 was published for aiohttp (pip) Jun 15, 2026
Credited to denyspakizh-tob and bdraco
aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence Low
CVE-2026-54279 was published for aiohttp (pip) Jun 15, 2026
Credited to denyspakizh-tob and bdraco
aiohttp: CRLF injection in multipart headers Low
CVE-2026-50269 was published for aiohttp (pip) Jun 15, 2026
Credited to tonghuaroot and Dreamsorcerer
PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS) Low
CVE-2026-48524 was published for pyjwt (pip) Jun 15, 2026
Tornado has out-of-bounds memory access via C extension Low
CVE-2026-49854 was published for tornado (pip) Jun 12, 2026
Credited to sondt99
Dulwich doesn't sanitize commit subjects in `porcelain.format_patch` Low
CVE-2026-47712 was published for dulwich (pip) Jun 8, 2026
Credited to ctoth and jelmer
Crawlee for Python: SSRF via sitemap-derived URLs Low
CVE-2026-46497 was published for crawlee (pip) May 21, 2026
Credited to FORIMOC and Arturo0x90
PyTorch is vulnerable to memory corruption through its torch.lstm_cell function Low
CVE-2025-3001 was published for torch (pip) Mar 31, 2025
PyTorch is vulnerable to memory corruption through its torch.jit.script function Low
CVE-2025-3000 was published for torch (pip) Mar 31, 2025
pywasm3 has Improper Restriction of Operations within the Bounds of a Memory Buffer Low
CVE-2025-6272 was published for pywasm3 (pip) Jun 19, 2025
pretix has Email Content Injection Through Maliciously Formatted Names Low
CVE-2025-13742 was published for pretix (pip) Nov 27, 2025
Nautobot missing object-level permissions enforcement when running Job Buttons Low
CVE-2023-51649 was published for nautobot (pip) Dec 22, 2023
Credited to abdikanipd
OpenStack Keystone: Restricted application credentials can create EC2 credentials Low
CVE-2026-33551 was published for keystone (pip) Apr 10, 2026