GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
501 advisories
internetarchive Vulnerable to Directory Traversal in File.download()
Critical
CVE-2025-58438
was published
for
internetarchive
(pip)
Sep 5, 2025
Pixar OpenUSD Sdf_PathNode Module Use-After-Free Vulnerability Leading to Potential Remote Code Execution
Critical
GHSA-58p5-r2f6-g2cj
was published
for
usd-core
(pip)
Sep 4, 2025
DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more
Critical
CVE-2025-58367
was published
for
deepdiff
(pip)
Sep 3, 2025
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
Critical
CVE-2025-32434
was published
for
torch
(pip)
Apr 18, 2025
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Critical
CVE-2024-32651
was published
for
changedetection.io
(pip)
Oct 15, 2024
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
Critical
CVE-2025-54802
was published
for
pyload-ng
(pip)
Aug 4, 2025
BentoML SSRF Vulnerability in File Upload Processing
Critical
CVE-2025-54381
was published
for
bentoml
(pip)
Jul 29, 2025
pyLoad vulnerable to XSS through insecure CAPTCHA
Critical
CVE-2025-53890
was published
for
pyload-ng
(pip)
Jul 15, 2025
vLLM Allows Remote Code Execution via Mooncake Integration
Critical
CVE-2025-29783
was published
for
vllm
(pip)
Mar 19, 2025
rfc3161-client has insufficient verification for timestamp response signatures
Critical
CVE-2025-52556
was published
for
rfc3161-client
(pip)
Jun 20, 2025
ProTip!
Advisories are also available from the
GraphQL API