GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Moderate
CVE-2026-34446
was published
for
onnx
(pip)
Apr 1, 2026
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
High
CVE-2026-34445
was published
for
onnx
(pip)
Apr 1, 2026
AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr()
Moderate
CVE-2026-33690
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS
Moderate
GHSA-rf74-v2fm-23pw
was published
for
nltk
(pip)
Mar 18, 2026
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
High
CVE-2026-28500
was published
for
onnx
(pip)
Mar 16, 2026
jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method
High
CVE-2026-25755
was published
for
jspdf
(npm)
Feb 19, 2026
jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions
High
CVE-2026-25535
was published
for
jspdf
(npm)
Feb 19, 2026
AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
High
CVE-2026-25762
was published
for
@adonisjs/bodyparser
(npm)
Feb 6, 2026
ProTip!
Advisories are also available from the
GraphQL API