GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,335
Maven
5,000+
npm
5,000+
NuGet
1,031
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,497
Swift
61
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
High
CVE-2024-52595
was published
for
lxml-html-clean
(pip)
Nov 19, 2024
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
High
CVE-2025-46417
was published
for
picklescan
(pip)
Apr 7, 2025
Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
High
CVE-2025-67747
was published
for
fickling
(pip)
Dec 15, 2025
Fickling has Code Injection vulnerability via pty.spawn()
High
CVE-2025-67748
was published
for
fickling
(pip)
Dec 15, 2025
Picklescan does not block ctypes
High
CVE-2025-71323
was published
for
picklescan
(pip)
Dec 29, 2025
Picklescan has Incomplete List of Disallowed Inputs
High
CVE-2025-71320
was published
for
picklescan
(pip)
Dec 29, 2025
Fickling has a bypass via runpy.run_path() and runpy.run_module()
High
CVE-2026-22606
was published
for
fickling
(pip)
Jan 9, 2026
Fickling Blocklist Bypass: cProfile.run()
High
CVE-2026-22607
was published
for
fickling
(pip)
Jan 9, 2026
Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
High
CVE-2026-22608
was published
for
fickling
(pip)
Jan 9, 2026
Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
High
CVE-2026-22609
was published
for
fickling
(pip)
Jan 9, 2026
Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
High
CVE-2026-53875
was published
for
picklescan
(pip)
Feb 18, 2026
Fickling missing RCE-capable modules in UNSAFE_IMPORTS
High
GHSA-5hwf-rc88-82xm
was published
for
fickling
(pip)
Mar 4, 2026
SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality
High
GHSA-5r2p-pjr8-7fh7
was published
for
sagemaker
(pip)
Mar 5, 2026
PySpector has a Plugin Sandbox Bypass leads to Arbitrary Code Execution
High
CVE-2026-33139
was published
for
pyspector
(pip)
Mar 18, 2026
`lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes
High
CVE-2026-49825
was published
for
lxml_html_clean
(pip)
Jul 8, 2026
ProTip!
Advisories are also available from the
GraphQL API