Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps Moderate
CVE-2026-27809 was published for psd-tools (pip) Feb 26, 2026
Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check Critical
GHSA-4vr7-g93g-cf6m was published for picklescan (pip) Sep 17, 2025 withdrawn
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check Critical
CVE-2025-10156 was published for picklescan (pip) Sep 10, 2025
LlamaIndex Improper Handling of Exceptional Conditions vulnerability High
CVE-2024-12704 was published for llama-index-core (pip) Mar 20, 2025
fossilet Credited to fossilet
rdiffweb Missing Custom Error Page Moderate
CVE-2022-3175 was published for rdiffweb (pip) Sep 14, 2022
Denial of service due to incorrect application of event authorization rules High
CVE-2022-31152 was published for matrix-synapse (pip) Aug 31, 2022
Denial of service in bottle Critical
CVE-2022-31799 was published for bottle (pip) Jun 3, 2022
OpenStack Neutron's unsupported dport option prevents applying security groups High
CVE-2019-9735 was published for neutron (pip) May 13, 2022
Segfault in `tf.raw_ops.SparseCountSparseOutput` Low
CVE-2021-29619 was published for tensorflow (pip) May 21, 2021
Crash in `tf.transpose` with complex inputs Low
CVE-2021-29618 was published for tensorflow (pip) May 21, 2021
Crash in `tf.strings.substr` due to `CHECK`-fail Low
CVE-2021-29617 was published for tensorflow (pip) May 21, 2021
ecdsa Denial of Service vulnerability in signature verification and signature malleability High
CVE-2019-14853 was published for ecdsa (pip) Oct 8, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database