GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18 advisories

Picklescan does not block ctypes High
CVE-2025-71323 was published for picklescan (pip) Dec 29, 2025
Credited to 0x-Apollyon
LiteLLM has a sandbox escape in custom-code guardrail High
CVE-2026-40217 was published for litellm (pip) May 11, 2026
Apache Airflow Providers Http has Unsafe Pickle Deserialization leading to RCE via HttpOperator High
CVE-2025-69219 was published for apache-airflow-providers-http (pip) Mar 9, 2026
Crafter Studio Groovy Sandbox Bypass High
CVE-2025-6384 was published for org.craftercms:crafter-studio (Maven) Jun 19, 2025
Langflow remote code execution vulnerability High
CVE-2024-37014 was published for langflow (pip) Jun 10, 2024
Credited to renbou and comrumino
Serialization gadgets exploit in jackson-databind High
CVE-2020-35491 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Credited to mpihelgas
RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape High
CVE-2023-37271 was published for RestrictedPython (pip) Jul 10, 2023
Credited to loechel, Quasar0147, despawningbone, dataflake, and nneonneo
Crafter CMS Crafter Studio vulnerable to Improper Control of Dynamically-Managed Code Resources High
CVE-2021-23267 was published for org.craftercms:crafter-studio (Maven) May 17, 2022
CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources High
CVE-2022-40634 was published for org.craftercms:crafter-studio (Maven) Sep 14, 2022
sqlite vulnerable to code execution due to Object coercion High
CVE-2022-43441 was published for sqlite3 (npm) Mar 13, 2023
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio High
CVE-2020-25802 was published for org.craftercms:crafter-studio (Maven) Feb 9, 2022
Use of Potentially Dangerous Function in mixme High
CVE-2021-29491 was published for mixme (npm) May 6, 2021
Credited to CySirX
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio High
CVE-2020-25803 was published for org.craftercms:crafter-studio (Maven) Feb 9, 2022
Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate High
CVE-2021-21413 was published for isolated-vm (npm) Apr 6, 2021
Credited to vdata1 and cristianstaicu
CrafterCMS OS Command Injection vulnerability High
CVE-2022-40635 was published for org.craftercms:craftercms (Maven) Sep 14, 2022