GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
markdown2 is vulnerable to cross-site scripting
Moderate
CVE-2018-5773
was published
for
markdown2
(pip)
Jul 12, 2018
sigstore has insufficient validation of integration timestamp during verification
Low
CVE-2024-55655
was published
for
sigstore
(pip)
Dec 11, 2024
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
High
CVE-2024-56327
was published
for
pyrage
(pip)
Dec 19, 2024
rfc3161-client has insufficient verification for timestamp response signatures
Critical
CVE-2025-52556
was published
for
rfc3161-client
(pip)
Jun 20, 2025
uv allows ZIP payload obfuscation through parsing differentials
Moderate
CVE-2025-54368
was published
for
uv
(pip)
Aug 7, 2025
uv has differential in tar extraction with PAX headers
Low
GHSA-w476-p2h3-79g9
was published
for
uv
(pip)
Oct 21, 2025
uv allows ZIP payload obfuscation through parsing differentials
Moderate
GHSA-pqhf-p39g-3x64
was published
for
uv
(pip)
Oct 29, 2025
ProTip!
Advisories are also available from the
GraphQL API