GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,770 advisories
rfc3161-client has insufficient verification for timestamp response signatures
Critical
GHSA-6qhv-4h7r-2g9m
was published
for
rfc3161-client
(pip)
Jun 20, 2025
vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
Moderate
CVE-2025-48887
was published
for
vllm
(pip)
May 28, 2025
urllib3 does not control redirects in browsers and Node.js
Moderate
CVE-2025-50182
was published
for
urllib3
(pip)
Jun 18, 2025
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
Moderate
CVE-2025-50181
was published
for
urllib3
(pip)
Jun 18, 2025
Vyper: reversed order of side effects for some operations
Moderate
CVE-2023-40015
was published
for
vyper
(pip)
Sep 4, 2023
PyTorch Improper Resource Shutdown or Release vulnerability
Moderate
CVE-2025-3730
was published
for
torch
(pip)
Apr 16, 2025
Weblate lacks rate limiting when verifying second factor
Moderate
CVE-2025-47951
was published
for
weblate
(pip)
Jun 16, 2025
Weblate exposes personal IP address via e-mail
Low
CVE-2025-49134
was published
for
weblate
(pip)
Jun 16, 2025
pycares has a Use-After-Free Vulnerability
Moderate
GHSA-5qpg-rh4j-qp35
was published
for
pycares
(pip)
Jun 16, 2025
AstrBot Has Path Traversal Vulnerability in /api/chat/get_file
High
CVE-2025-48957
was published
for
astrbot
(pip)
Jun 4, 2025
ProTip!
Advisories are also available from the
GraphQL API