GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9 advisories
Indico has Server-Side Request Forgery (SSRF) in multiple places
Moderate
CVE-2026-25738
was published
for
indico
(pip)
Feb 17, 2026
OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication
Moderate
CVE-2026-23892
was published
for
OctoPrint
(pip)
Jan 27, 2026
Werkzeug safe_join() allows Windows special device names with compound extensions
Moderate
CVE-2026-21860
was published
for
Werkzeug
(pip)
Jan 8, 2026
MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
Moderate
CVE-2026-21851
was published
for
monai
(pip)
Jan 6, 2026
lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
High
CVE-2025-67729
was published
for
lmdeploy
(pip)
Dec 26, 2025
Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Moderate
CVE-2025-67743
was published
for
local-deep-research
(pip)
Dec 23, 2025
Pyrofork has a Path Traversal in download_media Method
Moderate
CVE-2025-67720
was published
for
pyrofork
(pip)
Dec 10, 2025
Open Redirect Vulnerability in Taguette
Moderate
CVE-2025-67502
was published
for
taguette
(pip)
Dec 9, 2025
Spotipy has a XSS vulnerability in its OAuth callback server
Low
CVE-2025-66040
was published
for
spotipy
(pip)
Dec 1, 2025
ProTip!
Advisories are also available from the
GraphQL API