GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21,919 advisories

OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME` Moderate
CVE-2025-29914 was published for github.com/corazawaf/coraza/v3 (Go) Mar 20, 2025
blotus
Liferay Portal and Liferay DXP Reveals Data via Forms Moderate
CVE-2025-2565 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 20, 2025
Kubernetes kube-apiserver Vulnerable to Race Condition Low
CVE-2024-7598 was published for k8s.io/kubernetes/cmd/kube-apiserver (Go) Mar 20, 2025
MLflow Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-1473 was published for mlflow (pip) Mar 20, 2025
MLflow has Weak Password Requirements Low
CVE-2025-1474 was published for mlflow (pip) Mar 20, 2025
Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect Moderate
CVE-2025-27888 was published for org.apache.druid:druid (Maven) Mar 20, 2025
Aim Uncontrolled Resource Consumption vulnerability High
CVE-2025-0189 was published for aim (pip) Mar 20, 2025
Aim Excessive Data Query Operations in a Large Data Table vulnerability High
CVE-2025-0190 was published for aim (pip) Mar 20, 2025
Ollama Denial of Service (DoS) via Null Pointer Dereference High
CVE-2025-0312 was published for github.com/ollama/ollama (Go) Mar 20, 2025
MLflow Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-0453 was published for mlflow (pip) Mar 20, 2025
Ollama Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2025-0315 was published for github.com/ollama/ollama (Go) Mar 20, 2025
Ollama Divide By Zero vulnerability High
CVE-2025-0317 was published for github.com/ollama/ollama (Go) Mar 20, 2025
LiteLLM Has a Leakage of Langfuse API Keys High
CVE-2025-0330 was published for litellm (pip) Mar 20, 2025
SageMaker Workflow component allows possibility of MD5 hash collisions Moderate
CVE-2025-0508 was published for sagemaker (pip) Mar 20, 2025
LiteLLM Has an Improper Authorization Vulnerability High
CVE-2025-0628 was published for litellm (pip) Mar 20, 2025
D-Tale Command Injection vulnerability Critical
CVE-2025-0655 was published for dtale (pip) Mar 20, 2025
ZenML unauthenticated DoS via Multipart Boundary High
CVE-2024-9340 was published for zenml (pip) Mar 20, 2025
LiteLLM Reveals Portion of API Key via a Logging File High
CVE-2024-9606 was published for litellm (pip) Mar 20, 2025
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability High
CVE-2024-9840 was published for open-webui (npm) Mar 20, 2025
Kedro deserialization vulnerability Critical
CVE-2024-9701 was published for kedro (pip) Mar 20, 2025
LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality Moderate
CVE-2024-9900 was published for github.com/mudler/LocalAI (Go) Mar 20, 2025
vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object Critical
CVE-2024-9052 was published for vllm (pip) Mar 20, 2025
BentoML Denial of Service (DoS) via Multipart Boundary High
CVE-2024-9056 was published for bentoml (pip) Mar 20, 2025
BentoML deserialization vulnerability Critical
CVE-2024-9070 was published for bentoml (pip) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API