GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,688 advisories
Synapse's invalid device keys degrade federation functionality
Moderate
CVE-2025-61672
was published
for
matrix-synapse
(pip)
Oct 8, 2025
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server
Moderate
CVE-2025-61620
was published
for
vllm
(pip)
Oct 7, 2025
python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments
Moderate
CVE-2025-61765
was published
for
python-socketio
(pip)
Oct 7, 2025
marimo vulnerable to proxy abuse of /mpl/{port}/
Moderate
GHSA-xjv7-6w92-42r7
was published
for
marimo
(pip)
Oct 1, 2025
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
Moderate
CVE-2025-59940
was published
for
mkdocs-include-markdown-plugin
(pip)
Sep 29, 2025
pip's fallback tar extraction doesn't check symbolic links point to extraction directory
Moderate
CVE-2025-8869
was published
for
pip
(pip)
Sep 24, 2025
CodeChecker has a buffer overflow in the log command
Moderate
CVE-2025-40843
was published
for
codechecker
(pip)
Sep 22, 2025
mcp-kubernetes-server has a Command Injection vulnerability
Moderate
CVE-2025-59376
was published
for
mcp-kubernetes-server
(pip)
Sep 15, 2025
Infrahub: Deleted and expired API tokens can still authenticate
Moderate
CVE-2025-59036
was published
for
infrahub-server
(pip)
Sep 10, 2025
Indico vulnerable to Cross-Site Scripting via LaTeX math code
Moderate
CVE-2025-59035
was published
for
indico
(pip)
Sep 10, 2025
Indico may disclose unauthorized user details access via legacy API
Moderate
CVE-2025-59034
was published
for
indico
(pip)
Sep 10, 2025
SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor
Moderate
CVE-2025-10164
was published
for
sglang
(pip)
Sep 9, 2025
ProTip!
Advisories are also available from the
GraphQL API