Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,405
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
uv allows ZIP payload obfuscation through parsing differentials Moderate
GHSA-pqhf-p39g-3x64 was published for uv (pip) Oct 29, 2025
calebbrown Credited to calebbrown, woodruffw, and zanieb woodruffw woodruffw
zanieb zanieb
uv has differential in tar extraction with PAX headers Low
GHSA-w476-p2h3-79g9 was published for uv (pip) Oct 21, 2025
woodruffw Credited to woodruffw and zanieb zanieb zanieb
uv allows ZIP payload obfuscation through parsing differentials Moderate
CVE-2025-54368 was published for uv (pip) Aug 7, 2025
charliermarsh Credited to charliermarsh, zanieb, woodruffw, thatch, and calebbrown zanieb zanieb
woodruffw woodruffw thatch thatch calebbrown calebbrown
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database