GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,683 advisories
marimo vulnerable to proxy abuse of /mpl/{port}/
Moderate
GHSA-xjv7-6w92-42r7
was published
for
marimo
(pip)
Oct 1, 2025
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
Moderate
CVE-2025-59940
was published
for
mkdocs-include-markdown-plugin
(pip)
Sep 29, 2025
pip's fallback tar extraction doesn't check symbolic links point to extraction directory
Moderate
CVE-2025-8869
was published
for
pip
(pip)
Sep 24, 2025
CodeChecker has a buffer overflow in the log command
Moderate
CVE-2025-40843
was published
for
codechecker
(pip)
Sep 22, 2025
mcp-kubernetes-server has a Command Injection vulnerability
Moderate
CVE-2025-59376
was published
for
mcp-kubernetes-server
(pip)
Sep 15, 2025
Infrahub: Deleted and expired API tokens can still authenticate
Moderate
CVE-2025-59036
was published
for
infrahub-server
(pip)
Sep 10, 2025
Indico vulnerable to Cross-Site Scripting via LaTeX math code
Moderate
CVE-2025-59035
was published
for
indico
(pip)
Sep 10, 2025
Indico may disclose unauthorized user details access via legacy API
Moderate
CVE-2025-59034
was published
for
indico
(pip)
Sep 10, 2025
SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor
Moderate
CVE-2025-10164
was published
for
sglang
(pip)
Sep 9, 2025
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
Moderate
CVE-2025-57816
was published
for
ethyca-fides
(pip)
Sep 8, 2025
xgrammar vulnerable to denial of service by huge enum grammar
Moderate
CVE-2025-58446
was published
for
xgrammar
(pip)
Sep 5, 2025
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
Moderate
CVE-2025-58162
was published
for
mobsf
(pip)
Sep 2, 2025
Local Deep Research's API keys are stored in plain text
Moderate
CVE-2025-57806
was published
for
local-deep-research
(pip)
Sep 2, 2025
Eventlet affected by HTTP request smuggling in unparsed trailers
Moderate
CVE-2025-58068
was published
for
eventlet
(pip)
Aug 29, 2025
ProTip!
Advisories are also available from the
GraphQL API