GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
91
GitHub Actions
54
Go
4,194
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,422
Swift
61
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations
Moderate
CVE-2026-12491
was published
for
vllm
(pip)
Jun 17, 2026
Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
Moderate
CVE-2026-42310
was published
for
pillow
(pip)
May 4, 2026
Langflow has Authenticated Code Execution in Agentic Assistant Validation
Critical
CVE-2026-33873
was published
for
langflow
(pip)
Mar 26, 2026
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
High
CVE-2025-6242
was published
for
vllm
(pip)
Oct 7, 2025
LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities
High
CVE-2025-61784
was published
for
llamafactory
(pip)
Oct 7, 2025
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
Moderate
CVE-2025-46722
was published
for
vllm
(pip)
May 28, 2025
vLLM vulnerable to Regular Expression Denial of Service
Moderate
GHSA-j828-28rj-hfhp
was published
for
vllm
(pip)
May 28, 2025
vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
Moderate
CVE-2025-48887
was published
for
vllm
(pip)
May 28, 2025
phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
Moderate
CVE-2025-46560
was published
for
vllm
(pip)
Apr 29, 2025
vLLM Vulnerable to Remote Code Execution via Mooncake Integration
Critical
CVE-2025-32444
was published
for
vllm
(pip)
Apr 29, 2025
Data exposure via ZeroMQ on multi-node vLLM deployment
High
CVE-2025-30202
was published
for
vllm
(pip)
Apr 29, 2025
vLLM Allows Remote Code Execution via Mooncake Integration
Critical
CVE-2025-29783
was published
for
vllm
(pip)
Mar 19, 2025
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache
Low
CVE-2025-25183
was published
for
vllm
(pip)
Feb 6, 2025
Tornado has an HTTP cookie parsing DoS vulnerability
High
CVE-2024-52804
was published
for
tornado
(pip)
Nov 22, 2024
ProTip!
Advisories are also available from the
GraphQL API