GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14 advisories

Credited to kexinoh, russellb, jperezdealgaba, and DarkLight1337
Pillow has a PDF Parsing Trailer Infinite Loop (DoS) Moderate
CVE-2026-42310 was published for pillow (pip) May 4, 2026
Credited to kexinoh
Langflow has Authenticated Code Execution in Agentic Assistant Validation Critical
CVE-2026-33873 was published for langflow (pip) Mar 26, 2026
Credited to kexinoh and andifilhohub
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class High
CVE-2025-6242 was published for vllm (pip) Oct 7, 2025
Credited to kexinoh, d3do-23, lonelyuan, huachenheli, DarkLight1337, russellb, and sidhpurwala-huzaifa
LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities High
CVE-2025-61784 was published for llamafactory (pip) Oct 7, 2025
Credited to d3do-23, kexinoh, and lonelyuan
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation Moderate
CVE-2025-46722 was published for vllm (pip) May 28, 2025
Credited to kexinoh, DarkLight1337, and russellb
vLLM vulnerable to Regular Expression Denial of Service Moderate
GHSA-j828-28rj-hfhp was published for vllm (pip) May 28, 2025
Credited to kexinoh, russellb, and mgoin
Credited to kexinoh, russellb, and mgoin
phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service Moderate
CVE-2025-46560 was published for vllm (pip) Apr 29, 2025
Credited to kexinoh, d3do-23, lonelyuan, russellb, DarkLight1337, and Isotr0py
vLLM Vulnerable to Remote Code Execution via Mooncake Integration Critical
CVE-2025-32444 was published for vllm (pip) Apr 29, 2025
Credited to kexinoh, ShangmingCai, and russellb
Data exposure via ZeroMQ on multi-node vLLM deployment High
CVE-2025-30202 was published for vllm (pip) Apr 29, 2025
Credited to russellb and kexinoh
vLLM Allows Remote Code Execution via Mooncake Integration Critical
CVE-2025-29783 was published for vllm (pip) Mar 19, 2025
Credited to JosephTLucas, russellb, and kexinoh
Credited to kexinoh and russellb
Tornado has an HTTP cookie parsing DoS vulnerability High
CVE-2024-52804 was published for tornado (pip) Nov 22, 2024
Credited to kexinoh