GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,317 advisories

orjson does not limit recursion for deeply nested JSON documents Moderate
CVE-2025-67221 was published for orjson (pip) Jan 22, 2026
Credited to jrafkind-ai
Moonraker affected by LDAP search filter injection Low
CVE-2026-24130 was published for moonraker (pip) Jan 22, 2026
Credited to solovvway
Wheel Affected by Arbitrary File Permission Modification via Path Traversal in wheel unpack High
CVE-2026-24049 was published for wheel (pip) Jan 22, 2026
Credited to kilkat, henryiii, agronholm, and frenzymadness
docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage High
CVE-2026-24009 was published for docling-core (pip) Jan 22, 2026
Credited to avioligo, vagenas, PeterStaar-IBM, dolfim-ibm, and tiran
FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection Low
CVE-2026-23996 was published for fastapi-api-key (pip) Jan 21, 2026
Credited to cbrown1234 and sisp
Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization Moderate
CVE-2026-23946 was published for tendenci (pip) Jan 21, 2026
Credited to nedlir
vLLM affected by RCE via auto_map dynamic module loading during model initialization High
CVE-2026-22807 was published for vllm (pip) Jan 21, 2026
Credited to zaddy6, arthurgervais, DarkLight1337, and russellb
ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component Moderate
CVE-2026-23833 was published for esphome (pip) Jan 21, 2026
Credited to Mat931
Swing Music has a directory traversal that lets a non-admin user access the filesystem Moderate
CVE-2026-23877 was published for swingmusic (pip) Jan 21, 2026
Credited to d-virtuosa
ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion High
CVE-2026-23842 was published for chatterbot (pip) Jan 20, 2026
Credited to AdityaBhatt3010
WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect High
CVE-2025-68616 was published for weasyprint (pip) Jan 20, 2026
Credited to g4nkd
Chainlit contains a server-side request forgery (SSRF) vulnerability High
CVE-2026-22219 was published for chainlit (pip) Jan 20, 2026
Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter Critical
CVE-2026-26216 was published for Crawl4AI (pip) Jan 16, 2026
Crawl4AI Has Local File Inclusion in Docker API via file:// URLs Critical
CVE-2026-26217 was published for crawl4ai (pip) Jan 16, 2026
pyasn1 has a DoS vulnerability in decoder High
CVE-2026-23490 was published for pyasn1 (pip) Jan 16, 2026
Credited to tsigouris007
Weblate wlc path traversal vulnerability: Unsanitized API slugs in download command High
CVE-2026-23535 was published for wlc (pip) Jan 16, 2026
Credited to Zee99y and nijel
Dask Distributed is Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard Moderate
CVE-2026-23528 was published for distributed (pip) Jan 16, 2026
Apache Airflow proxy credentials for various providers might leak in task logs High
CVE-2025-68675 was published for apache-airflow (pip) Jan 16, 2026
Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated High
CVE-2025-68438 was published for apache-airflow (pip) Jan 16, 2026
BlackSheep's ClientSession is vulnerable to CRLF injection Moderate
CVE-2026-22779 was published for blacksheep (pip) Jan 14, 2026
Credited to tr4ce-ju
Weblate leaks information via screenshots Low
CVE-2026-21889 was published for weblate (pip) Jan 14, 2026
Credited to nijel and amCap1712
Chainlit contains an authorization bypass vulnerability Low
CVE-2025-68492 was published for chainlit (pip) Jan 14, 2026