Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,193
Erlang
25
GitHub Actions
39
Go
2,386
Maven
3,027
npm
3,081
NuGet
529
pip
2,899
Pub
5
RubyGems
444
Rust
905
Swift
20
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib Critical
GHSA-q5fm-55c2-v6j9 was published for fiona (pip) Jul 16, 2024
sgillies Credited to sgillies
pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels Moderate
GHSA-h4gh-qq45-vh27 was published for cryptography (pip) Sep 3, 2024
Indico has a Cross-Site-Scripting during account creation Moderate
CVE-2024-45399 was published for indico (pip) Sep 4, 2024
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution High
CVE-2024-56327 was published for pyrage (pip) Dec 19, 2024
gaby Credited to gaby and woodruffw woodruffw woodruffw
Vulnerable OpenSSL included in cryptography wheels Low
CVE-2024-12797 was published for cryptography (pip) Feb 11, 2025
vLLM vulnerable to Denial of Service by abusing xgrammar cache Moderate
GHSA-hf3c-wxg2-49q9 was published for vllm (pip) Apr 15, 2025
russellb Credited to russellb
multicast in source builds from vulnerable setuptools dependency Moderate
GHSA-94v7-wxj6-r2q5 was published for multicast (pip) May 28, 2025
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency Moderate
GHSA-63cx-g855-hvv4 was published for mitmproxy (pip) Aug 25, 2025
sebastianosrt Credited to sebastianosrt and mhils mhils mhils
skia-python vendors vulnerable libfreetype because of pinned cibuildwheel version High
GHSA-2mhw-8qcg-gr96 was published for skia-python (pip) Mar 19, 2026
C2C CI utils is vulnerable to DoS via pyasn dependency (CVE-2026-30922) High
GHSA-wcjx-v2wj-xg87 was published for c2cciutils (pip) Mar 26, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database