GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9 advisories
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
Low
CVE-2024-27088
was published
for
es5-ext
(npm)
Feb 26, 2024
setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
High
CVE-2025-47273
was published
for
setuptools
(pip)
May 19, 2025
Langroid has a Code Injection vulnerability in TableChatAgent
Critical
CVE-2025-46724
was published
for
langroid
(pip)
May 20, 2025
Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store
High
CVE-2025-46725
was published
for
langroid
(pip)
May 20, 2025
Langroid Allows XXE Injection via XMLToolMessage
High
CVE-2025-46726
was published
for
langroid
(pip)
May 5, 2025
curl_cffi bundles a version of libcurl affected by High Severity vulnerability
High
GHSA-3vpc-4p9p-47hc
was published
for
curl-cffi
(pip)
Oct 22, 2024
OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI
Moderate
CVE-2022-36087
was published
for
oauthlib
(pip)
Sep 16, 2022
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Low
CVE-2024-41124
was published
for
puncia
(pip)
Jul 19, 2024
Bundled libwebp in pywebp vulnerable
High
GHSA-f9pm-4g9p-6vm3
was published
for
webp
(pip)
Oct 6, 2023
ProTip!
Advisories are also available from the
GraphQL API