GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure (High)
CVE-2026-40158 was published for PraisonAI (pip) Apr 10, 2026
Credited to l3tchupkt
Credited to redyank
vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out (High)
CVE-2026-27893 was published for vllm (pip) Mar 27, 2026
Credited to Wernerina and russellb
Credited to ZeroXJacks
Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked (High)
GHSA-wccx-j62j-r448 was published for fickling (pip) Mar 4, 2026
Credited to mldangelo
Picklescan Bypasses Unsafe Globals Check using pty.spawn (High)
GHSA-hgrh-qx5j-jfwx was published for picklescan (pip) Dec 29, 2025
Credited to yarienkiva
Remote Code Execution in Custom Integration Upload (High)
CVE-2023-41319 was published for ethyca-fides (pip) Sep 7, 2023
Credited to grmpyninja