Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,282 advisories

Loading
UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps() Moderate
CVE-2026-54911 was published for ujson (pip) Jun 19, 2026
Zwique Credited to Zwique, bwoodsend, and hugovk bwoodsend bwoodsend
hugovk hugovk
WebOb: Location header normalization during redirect leads to open redirect - again Moderate
CVE-2026-44889 was published for webob (pip) Jun 4, 2026
ac0d3r Credited to ac0d3r and Lyutoon Lyutoon Lyutoon
PocketSphinx: Buffer overflows in language and acoustic model loading code Moderate
CVE-2026-54559 was published for pocketsphinx (pip) Jul 17, 2026
damseleng Credited to damseleng
x0root Credited to x0root
plone.restapi: Stored XSS by spoofing mime type Moderate
GHSA-8rqh-vxpr-x77p was published for plone.restapi (pip) Jul 17, 2026
gyst Credited to gyst
plone.app.textfield: Stored XSS by spoofing mime type Moderate
CVE-2026-54503 was published for plone.app.textfield (pip) Jul 17, 2026
gyst Credited to gyst
vLLM: Speech-to-text upload size limit is enforced after full UploadFile read Moderate
CVE-2026-55646 was published for vllm (pip) Jul 17, 2026
rexpository Credited to rexpository and jperezdealgaba jperezdealgaba jperezdealgaba
sanic-cors contains an improper regular expression in the try_match() function Moderate
CVE-2026-37737 was published for sanic-cors (pip) Jun 5, 2026
kexinoh Credited to kexinoh, russellb, DarkLight1337, and Isotr0py russellb russellb
DarkLight1337 DarkLight1337 Isotr0py Isotr0py
vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels Moderate
CVE-2026-54235 was published for vllm (pip) Jun 17, 2026
brodmart Credited to brodmart and jperezdealgaba jperezdealgaba jperezdealgaba
vLLM: OOM Denial of Service via Audio Decompression Bomb Moderate
CVE-2026-54233 was published for vllm (pip) Jun 17, 2026
RTV-GIT Credited to RTV-GIT, russellb, and jperezdealgaba russellb russellb
jperezdealgaba jperezdealgaba
kexinoh Credited to kexinoh, russellb, jperezdealgaba, and DarkLight1337 russellb russellb
jperezdealgaba jperezdealgaba DarkLight1337 DarkLight1337
addcontent Credited to addcontent, russellb, and jperezdealgaba russellb russellb
jperezdealgaba jperezdealgaba
vLLM Vulnerable to Remote DoS via Special-Token Placeholders Moderate
CVE-2026-44222 was published for vllm (pip) May 5, 2026
wumingzhilian Credited to wumingzhilian
Aviral2642 Credited to Aviral2642, russellb, and jperezdealgaba russellb russellb
jperezdealgaba jperezdealgaba
vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server Moderate
CVE-2026-34756 was published for vllm (pip) Apr 3, 2026
ez-lbz Credited to ez-lbz, russellb, and jperezdealgaba russellb russellb
jperezdealgaba jperezdealgaba
vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing Moderate
CVE-2026-34755 was published for vllm (pip) Apr 3, 2026
SEORY0 Credited to SEORY0, russellb, jperezdealgaba, DarkLight1337, and Isotr0py russellb russellb
jperezdealgaba jperezdealgaba DarkLight1337 DarkLight1337 Isotr0py Isotr0py
vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url ` Moderate
CVE-2026-34753 was published for vllm (pip) Apr 3, 2026
Fushuling Credited to Fushuling, L2ncE, TsingShui, l2yyd5, Danthology, iharee, BoyiZhao, russellb, jperezdealgaba, and Victor-code-Y L2ncE L2ncE
TsingShui TsingShui l2yyd5 l2yyd5 Danthology Danthology iharee iharee BoyiZhao BoyiZhao russellb russellb jperezdealgaba jperezdealgaba Victor-code-Y Victor-code-Y
vLLM has SSRF Protection Bypass Moderate
CVE-2026-25960 was published for vllm (pip) Mar 9, 2026
RacerZ-fighting Credited to RacerZ-fighting, russellb, DarkLight1337, Isotr0py, and Fushuling russellb russellb
DarkLight1337 DarkLight1337 Isotr0py Isotr0py Fushuling Fushuling
russellb Credited to russellb, Isotr0py, and DarkLight1337 Isotr0py Isotr0py
DarkLight1337 DarkLight1337
vLLM Tool Schema allows DoS via Malformed pattern and type Fields Moderate
CVE-2025-48944 was published for vllm (pip) May 28, 2025
russellb Credited to russellb and Jason-CKY Jason-CKY Jason-CKY
vLLM: Quadratic Time Complexity in Input Token Processing​ leads to denial of service Moderate
CVE-2025-46560 was published for vllm (pip) Apr 29, 2025
kexinoh Credited to kexinoh, d3do-23, lonelyuan, russellb, DarkLight1337, and Isotr0py d3do-23 d3do-23
lonelyuan lonelyuan russellb russellb DarkLight1337 DarkLight1337 Isotr0py Isotr0py
ProTip! Advisories are also available from the GraphQL API