Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,846
Erlang
36
GitHub Actions
33
Go
2,470
Maven
5,000+
npm
4,090
NuGet
733
pip
3,907
Pub
12
RubyGems
944
Rust
1,011
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23,665 advisories

Loading
Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter Moderate
GHSA-cj3c-v495-4xqh was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions Moderate
GHSA-7cq8-mj8x-j263 was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity Moderate
GHSA-6w4w-5w54-rjvr was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem Moderate
GHSA-3vg9-h568-4w9m was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads Moderate
GHSA-f54q-57x4-jg88 was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python profile.Profile.runctx Moderate
GHSA-6vqj-c2q5-j97w was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python profile.Profile.run Moderate
GHSA-x696-vm39-cp64 was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python trace.Trace.runctx Moderate
GHSA-g344-hcph-8vgg was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python trace.Trace.run Moderate
GHSA-5qwp-399c-mjwf was published for picklescan (pip) Aug 26, 2025
FredericDT
xml2rfc has an arbitrary file read vulnerability High
GHSA-cfmv-h8fx-85m7 was published for xml2rfc (pip) Aug 26, 2025
traQ Allows Insertion of Sensitive Information into Log File Moderate
CVE-2025-57813 was published for github.com/traPtitech/traQ (Go) Aug 26, 2025
ras0q
jsPDF Denial of Service (DoS) High
CVE-2025-57810 was published for jspdf (npm) Aug 26, 2025
AlexRomberg
ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow High
CVE-2025-57803 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
mescuwa
ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution High
CVE-2025-55298 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
leehohojune jin-156
amethyst0225
ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash Low
CVE-2025-55212 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
amethyst0225 leehohojune
jin-156
Easy!Appointments SQL injection vulnerability Moderate
CVE-2025-50383 was published for alextselegidis/easyappointments (Composer) Aug 26, 2025
LlamaIndex affected by a Denial of Service (DOS) in JSONReader High
CVE-2025-5302 was published for llama-index-core (pip) Aug 26, 2025
request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1 Moderate
CVE-2025-57814 was published for request-filtering-agent (npm) Aug 25, 2025
ikkisoft
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency Moderate
GHSA-63cx-g855-hvv4 was published for mitmproxy (pip) Aug 25, 2025
sebastianosrt mhils
h2 allows HTTP Request Smuggling due to illegal characters in headers Moderate
CVE-2025-57804 was published for h2 (pip) Aug 25, 2025
sebastianosrt mhils
XGrammar affected by Denial of Service by infinite recursion grammars High
CVE-2025-57809 was published for xgrammar (pip) Aug 25, 2025
xendo
Craft CMS Potential Remote Code Execution via Twig SSTI Moderate
CVE-2025-57811 was published for craftcms/cms (Composer) Aug 25, 2025
singetu0096
ImageMagick has Undefined Behavior (function-type-mismatch) in CloneSplayTree Moderate
CVE-2025-55160 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
mescuwa
imagemagick: integer overflows in MNG magnification High
CVE-2025-55154 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE) High
CVE-2025-57760 was published for langflow (pip) Aug 25, 2025
chaandrey
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database