Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2 advisories

Loading
Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components High
CVE-2026-44513 was published for diffusers (pip) May 7, 2026
hlky Credited to hlky and Vancir Vancir Vancir
vLLM vulnerable to remote code execution via transformers_utils/get_config High
CVE-2025-66448 was published for vllm (pip) Dec 2, 2025
Vancir Credited to Vancir, Isotr0py, DarkLight1337, and russellb Isotr0py Isotr0py
DarkLight1337 DarkLight1337 russellb russellb
ProTip! Advisories are also available from the GraphQL API