GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,099 advisories
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
Moderate
CVE-2025-66454
was published
for
arcade-mcp-server
(pip)
Dec 2, 2025
vLLM vulnerable to remote code execution via transformers_utils/get_config
High
CVE-2025-66448
was published
for
vllm
(pip)
Dec 2, 2025
Keras Directory Traversal Vulnerability
High
CVE-2025-12060
was published
for
keras
(pip)
Dec 2, 2025
Werkzeug safe_join() allows Windows special device names
Moderate
CVE-2025-66221
was published
for
werkzeug
(pip)
Dec 2, 2025
Spotipy has a XSS vulnerability in its OAuth callback server
Low
CVE-2025-66040
was published
for
spotipy
(pip)
Dec 1, 2025
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
Moderate
CVE-2025-66034
was published
for
fonttools
(pip)
Dec 1, 2025
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Critical
CVE-2025-62593
was published
for
ray
(pip)
Nov 26, 2025
Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
Moderate
CVE-2025-1945
was published
for
picklescan
(pip)
Mar 10, 2025
Zip Exploit Crashes Picklescan But Not PyTorch
Moderate
CVE-2025-1944
was published
for
picklescan
(pip)
Mar 10, 2025
ProTip!
Advisories are also available from the
GraphQL API