GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,709 advisories
CBORDecoder reuse can leak shareable values across decode calls
Moderate
CVE-2025-68131
was published
for
cbor2
(pip)
Dec 31, 2025
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
Moderate
GHSA-6556-fwc2-fg2p
was published
for
picklescan
(pip)
Dec 30, 2025
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval
Moderate
GHSA-cffc-mxrf-mhh4
was published
for
picklescan
(pip)
Dec 29, 2025
Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Moderate
CVE-2025-67743
was published
for
local-deep-research
(pip)
Dec 23, 2025
Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification
Moderate
CVE-2025-34469
was published
for
cowrie
(pip)
Dec 20, 2025
FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO
Moderate
CVE-2025-68481
was published
for
fastapi-users
(pip)
Dec 19, 2025
filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
Moderate
CVE-2025-68146
was published
for
filelock
(pip)
Dec 16, 2025
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Moderate
CVE-2025-68113
was published
for
altcha
(RubyGems)
Dec 16, 2025
Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)
Moderate
CVE-2025-67715
was published
for
Weblate
(pip)
Dec 15, 2025
Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration
Moderate
CVE-2025-67492
was published
for
Weblate
(pip)
Dec 15, 2025
Pyrofork has a Path Traversal in download_media Method
Moderate
CVE-2025-67720
was published
for
pyrofork
(pip)
Dec 10, 2025
HTTP/HTTPS Traffic Interception Bypass in mad-proxy
Moderate
CVE-2025-67485
was published
for
mad-proxy
(pip)
Dec 9, 2025
Open Redirect Vulnerability in Taguette
Moderate
CVE-2025-67502
was published
for
taguette
(pip)
Dec 9, 2025
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
Moderate
CVE-2025-66470
was published
for
nicegui
(pip)
Dec 8, 2025
ProTip!
Advisories are also available from the
GraphQL API