GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,472
Erlang
33
GitHub Actions
24
Go
2,195
Maven
5,000+
npm
3,841
NuGet
696
pip
3,632
Pub
12
RubyGems
911
Rust
910
Swift
38
Unreviewed advisories
All unreviewed
5,000+
3,632 advisories
Filter by severity
InvokeAI Deserialization of Untrusted Data vulnerability
Critical
CVE-2024-12029
was published
for
InvokeAI
(pip)
Mar 21, 2025
MLflow Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2025-1473
was published
for
mlflow
(pip)
Mar 20, 2025
Aim Excessive Data Query Operations in a Large Data Table vulnerability
High
CVE-2025-0190
was published
for
aim
(pip)
Mar 20, 2025
Aim Uncontrolled Resource Consumption vulnerability
High
CVE-2025-0189
was published
for
aim
(pip)
Mar 20, 2025
LiteLLM Has a Leakage of Langfuse API Keys
High
CVE-2025-0330
was published
for
litellm
(pip)
Mar 20, 2025
MLflow Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2025-0453
was published
for
mlflow
(pip)
Mar 20, 2025
SageMaker Workflow component allows possibility of MD5 hash collisions
Moderate
CVE-2025-0508
was published
for
sagemaker
(pip)
Mar 20, 2025
D-Tale Command Injection vulnerability
Critical
CVE-2025-0655
was published
for
dtale
(pip)
Mar 20, 2025
LiteLLM Has an Improper Authorization Vulnerability
High
CVE-2025-0628
was published
for
litellm
(pip)
Mar 20, 2025
LiteLLM Reveals Portion of API Key via a Logging File
High
CVE-2024-9606
was published
for
litellm
(pip)
Mar 20, 2025
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability
High
CVE-2024-9840
was published
for
open-webui
(npm)
Mar 20, 2025
ZenML unauthenticated DoS via Multipart Boundry
High
CVE-2024-9340
was published
for
zenml
(pip)
Mar 20, 2025
Kedro deserialization vulnerability
Critical
CVE-2024-9701
was published
for
kedro
(pip)
Mar 20, 2025
Quivr unauthenticated Denial of Service (DoS) via Multipart Boundary
High
CVE-2024-9229
was published
for
quivr-core
(pip)
Mar 20, 2025
BentoML Denial of Service (DoS) via Multipart Boundary
High
CVE-2024-9056
was published
for
bentoml
(pip)
Mar 20, 2025
vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object
Critical
CVE-2024-9052
was published
for
vllm
(pip)
Mar 20, 2025
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
Critical
CVE-2024-9053
was published
for
vllm
(pip)
Mar 20, 2025
BentoML deserialization vulnerability
Critical
CVE-2024-9070
was published
for
bentoml
(pip)
Mar 20, 2025
composio allows Server-Side Request Forgery (SSRF) in BROWSERTOOL
Moderate
CVE-2024-8955
was published
for
composio-core
(pip)
Mar 20, 2025
Composio Eval Injection Vulnerability
High
CVE-2024-8953
was published
for
composio-core
(pip)
Mar 20, 2025
LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
High
CVE-2024-8984
was published
for
litellm
(pip)
Mar 20, 2025
composio Server-Side Request Forgery (SSRF) vulnerability
Moderate
CVE-2024-8952
was published
for
composio-core
(pip)
Mar 20, 2025
Gradio DOS in multipart boundry while uploading the file
High
CVE-2024-8966
was published
for
gradio
(pip)
Mar 20, 2025
MLflow has a Local File Read/Path Traversal in dbfs
High
CVE-2024-8859
was published
for
mlflow
(pip)
Mar 20, 2025
ProTip!
Advisories are also available from the
GraphQL API