GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
43 advisories
Picklescan missing detection when calling built-in python library function timeit.timeit()
Moderate
GHSA-v7x6-rv5q-mhwc
was published
for
picklescan
(pip)
Apr 7, 2025
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
High
CVE-2025-46417
was published
for
picklescan
(pip)
Apr 7, 2025
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
Moderate
CVE-2025-1716
was published
for
picklescan
(pip)
Mar 3, 2025
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
High
CVE-2024-54149
was published
for
winter/wn-cms-module
(Composer)
Dec 9, 2024
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
High
CVE-2024-52595
was published
for
lxml-html-clean
(pip)
Nov 19, 2024
Wasmtime doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51745
was published
for
wasmtime
(Rust)
Nov 5, 2024
Ankitects Anki LaTeX Blocklist Bypass vulnerability
Low
CVE-2024-32152
was published
for
anki
(pip)
Jul 22, 2024
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Moderate
CVE-2024-28246
was published
for
katex
(npm)
Mar 25, 2024
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Critical
CVE-2023-45133
was published
for
@babel/traverse
(npm)
Oct 16, 2023
SvelteKit vulnerable to Cross-Site Request Forgery
High
CVE-2023-29003
was published
for
@sveltejs/kit
(npm)
Apr 4, 2023
Cortex's Alertmanager can expose local files content via specially crafted config
Moderate
CVE-2022-23536
was published
for
github.com/cortexproject/cortex
(Go)
Dec 19, 2022
Agent-to-controller access control allows reading/writing most content of build directories in Jenkins
Critical
CVE-2021-21697
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API