Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,150
Maven
5,000+
npm
3,815
NuGet
690
pip
3,490
Pub
12
RubyGems
902
Rust
900
Swift
38
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
Duplicate Advisory: Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis Moderate
GHSA-hw34-rqc5-h2gm was published for picklescan (pip) Mar 3, 2025 withdrawn
PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions Moderate
CVE-2025-1889 was published for picklescan (pip) Mar 3, 2025
madgetr
Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File Moderate Unreviewed
CVE-2024-38432 was published Jul 30, 2024
A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the ... Moderate Unreviewed
CVE-2023-45599 was published Mar 5, 2024
Akuvox E11 does not ensure that a file extension is associated with the file provided. This could... Moderate Unreviewed
CVE-2023-0350 was published Mar 13, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database