Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,039
Maven
5,000+
npm
4,779
NuGet
824
pip
4,380
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution Moderate
CVE-2026-27794 was published for langgraph-checkpoint (pip) Feb 25, 2026
zdi-disclosures Credited to zdi-disclosures
DiskCache has unsafe pickle deserialization Moderate
CVE-2025-69872 was published for diskcache (pip) Feb 11, 2026
picklescan vulnerable to arbitrary file create using logging.FileHandler Moderate
GHSA-m7j5-r2p5-c39r was published for picklescan (pip) Feb 2, 2026
ez-lbz Credited to ez-lbz
Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization Moderate
CVE-2026-23946 was published for tendenci (pip) Jan 21, 2026
nedlir Credited to nedlir
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length Moderate
GHSA-6556-fwc2-fg2p was published for picklescan (pip) Dec 30, 2025
ac0d3r Credited to ac0d3r and Lyutoon Lyutoon Lyutoon
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval Moderate
GHSA-cffc-mxrf-mhh4 was published for picklescan (pip) Dec 29, 2025
CoolwindHF Credited to CoolwindHF
cryptidy allows code execution via untrusted data due to pickle.loads Moderate
CVE-2025-63675 was published for cryptidy (pip) Oct 31, 2025
Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery Moderate
CVE-2025-12058 was published for keras (pip) Oct 29, 2025
Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization Moderate
GHSA-cq46-m9x9-j8w2 was published for scapy (pip) Oct 22, 2025
anotherik Credited to anotherik
python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments Moderate
CVE-2025-61765 was published for python-socketio (pip) Oct 7, 2025
locus-x64 Credited to locus-x64
SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor Moderate
CVE-2025-10164 was published for sglang (pip) Sep 9, 2025
m1ssya Credited to m1ssya
MS SWIFT Deserialization RCE Vulnerability Moderate
GHSA-r54c-2xmf-2cf3 was published for ms-swift (pip) Jul 31, 2025
TencentAISec Credited to TencentAISec
pypickle unsafe deserialization vulnerability Moderate
CVE-2025-5174 was published for pypickle (pip) May 26, 2025
HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability Moderate
CVE-2025-5173 was published for label-studio-ml (pip) May 26, 2025
FunAudioLLM InspireMusic deserialization vulnerability Moderate
CVE-2025-5148 was published for inspiremusic (pip) May 25, 2025
LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py Moderate
CVE-2025-46567 was published for llamafactory (pip) Apr 23, 2025
Anchor0221 Credited to Anchor0221 and xhjy2020 xhjy2020 xhjy2020
Picklescan failed to detect to some unsafe global function in Numpy library Moderate
GHSA-fj43-3qmq-673f was published for picklescan (pip) Apr 7, 2025
SeaW1nd Credited to SeaW1nd
LMDeploy Improper Input Validation Vulnerability Moderate
CVE-2025-3162 was published for lmdeploy (pip) Apr 3, 2025
snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache Moderate
CVE-2025-24794 was published for snowflake-connector-python (pip) Jan 29, 2025
Reverb use after free vulnerability Moderate
CVE-2024-8375 was published for dm-reverb (pip) Sep 19, 2024
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code Moderate
CVE-2024-29032 was published for qiskit-ibm-runtime (pip) Mar 20, 2024
richrines1 Credited to richrines1
ai-flow Deserialization of Untrusted Data vulnerability Moderate
CVE-2024-0960 was published for ai-flow (pip) Jan 27, 2024
Apache Superset Deserialization of Untrusted Data vulnerability Moderate
CVE-2023-37941 was published for apache-superset (pip) Sep 6, 2023
qlib Deserialization of Untrusted Data vulnerability Moderate
CVE-2021-23338 was published for pyqlib (pip) May 24, 2022
Deserialization of Untrusted Data in Beaker Moderate
CVE-2013-7489 was published for Beaker (pip) May 5, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database