GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,338
Maven
5,000+
npm
5,000+
NuGet
1,031
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,497
Swift
61
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
Ankitects Anki LaTeX Blocklist Bypass vulnerability
Low
CVE-2024-32152
was published
for
anki
(pip)
Jul 22, 2024
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
High
CVE-2024-52595
was published
for
lxml-html-clean
(pip)
Nov 19, 2024
Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
Moderate
GHSA-vr75-hjh9-7fr6
was published
for
picklescan
(pip)
Mar 3, 2025
•
withdrawn
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
Moderate
CVE-2025-1716
was published
for
picklescan
(pip)
Mar 3, 2025
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
High
CVE-2025-46417
was published
for
picklescan
(pip)
Apr 7, 2025
Picklescan missing detection when calling built-in python library function timeit.timeit()
Moderate
GHSA-v7x6-rv5q-mhwc
was published
for
picklescan
(pip)
Apr 7, 2025
Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
Moderate
GHSA-4p4h-9gvq-7xfg
was published
for
picklescan
(pip)
Apr 24, 2025
•
withdrawn
Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
High
CVE-2025-67747
was published
for
fickling
(pip)
Dec 15, 2025
Fickling has Code Injection vulnerability via pty.spawn()
High
CVE-2025-67748
was published
for
fickling
(pip)
Dec 15, 2025
Picklescan does not block ctypes
High
CVE-2025-71323
was published
for
picklescan
(pip)
Dec 29, 2025
Picklescan has Incomplete List of Disallowed Inputs
High
CVE-2025-71320
was published
for
picklescan
(pip)
Dec 29, 2025
libsodium has Incomplete List of Disallowed Inputs
Moderate
CVE-2025-69277
was published
for
PyNaCl
(Composer)
Dec 31, 2025
Fickling has a bypass via runpy.run_path() and runpy.run_module()
High
CVE-2026-22606
was published
for
fickling
(pip)
Jan 9, 2026
Fickling Blocklist Bypass: cProfile.run()
High
CVE-2026-22607
was published
for
fickling
(pip)
Jan 9, 2026
Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
High
CVE-2026-22608
was published
for
fickling
(pip)
Jan 9, 2026
Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
High
CVE-2026-22609
was published
for
fickling
(pip)
Jan 9, 2026
Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
High
CVE-2026-53875
was published
for
picklescan
(pip)
Feb 18, 2026
Fickling has a detection bypass via stdlib network-protocol constructors
Low
GHSA-83pf-v6qq-pwmr
was published
for
fickling
(pip)
Feb 20, 2026
Fickling has safety check bypass via REDUCE+BUILD opcode sequence
Moderate
GHSA-mhc9-48gj-9gp3
was published
for
fickling
(pip)
Feb 25, 2026
PickleScan's profile.run blocklist mismatch allows exec() bypass
Critical
CVE-2026-53873
was published
for
picklescan
(pip)
Mar 3, 2026
PickleScan has multiple stdlib modules with direct RCE not in blocklist
Critical
GHSA-g38g-8gr9-h9xp
was published
for
picklescan
(pip)
Mar 3, 2026
Fickling missing RCE-capable modules in UNSAFE_IMPORTS
High
GHSA-5hwf-rc88-82xm
was published
for
fickling
(pip)
Mar 4, 2026
SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality
High
GHSA-5r2p-pjr8-7fh7
was published
for
sagemaker
(pip)
Mar 5, 2026
fickling modules linecache, difflib and gc are missing from the unsafe modules blocklist
Moderate
GHSA-r48f-3986-4f9c
was published
for
fickling
(pip)
Mar 13, 2026
fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE`
Moderate
GHSA-5cxw-w2xg-2m8h
was published
for
fickling
(pip)
Mar 13, 2026
ProTip!
Advisories are also available from the
GraphQL API