GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
LiteLLM has a sandbox escape in custom-code guardrail
High
CVE-2026-40217
was published
for
litellm
(pip)
May 11, 2026
Apache Airflow Providers Http has Unsafe Pickle Deserializatio leading to RCE via HttpOperator
High
CVE-2025-69219
was published
for
apache-airflow-providers-http
(pip)
Mar 9, 2026
Picklescan does not block ctypes
High
CVE-2025-71323
was published
for
picklescan
(pip)
Dec 29, 2025
The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
High
CVE-2025-9905
was published
for
keras
(pip)
Sep 19, 2025
Duplicate Advisory: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
High
GHSA-77wq-646f-jrm2
was published
for
keras
(pip)
Sep 19, 2025
•
withdrawn
Crafter Studio Groovy Sandbox Bypass
High
CVE-2025-6384
was published
for
org.craftercms:crafter-studio
(Maven)
Jun 19, 2025
Langflow remote code execution vulnerability
High
CVE-2024-37014
was published
for
langflow
(pip)
Jun 10, 2024
RPyC's missing security check results in code execution when using numpy.array on the server-side.
High
CVE-2024-27758
was published
for
rpyc
(pip)
Mar 6, 2024
RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
High
CVE-2023-37271
was published
for
RestrictedPython
(pip)
Jul 10, 2023
sqlite vulnerable to code execution due to Object coercion
High
CVE-2022-43441
was published
for
sqlite3
(npm)
Mar 13, 2023
CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources
High
CVE-2022-40634
was published
for
org.craftercms:crafter-studio
(Maven)
Sep 14, 2022
CrafterCMS OS Command Injection vulnerability
High
CVE-2022-40635
was published
for
org.craftercms:craftercms
(Maven)
Sep 14, 2022
Crafter CMS Crafter Studio vulnerable to Improper Control of Dynamically-Managed Code Resources
High
CVE-2021-23267
was published
for
org.craftercms:crafter-studio
(Maven)
May 17, 2022
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio
High
CVE-2020-25802
was published
for
org.craftercms:crafter-studio
(Maven)
Feb 9, 2022
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio
High
CVE-2020-25803
was published
for
org.craftercms:crafter-studio
(Maven)
Feb 9, 2022
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35491
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Use of Potentially Dangerous Function in mixme
High
CVE-2021-29491
was published
for
mixme
(npm)
May 6, 2021
Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate
High
CVE-2021-21413
was published
for
isolated-vm
(npm)
Apr 6, 2021
ProTip!
Advisories are also available from the
GraphQL API