Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,679
Erlang
34
GitHub Actions
26
Go
2,268
Maven
5,000+
npm
3,923
NuGet
705
pip
3,686
Pub
12
RubyGems
916
Rust
944
Swift
38
Unreviewed advisories
All unreviewed
5,000+

8 advisories

Loading
phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service Moderate
CVE-2025-46560 was published for vllm (pip) Apr 29, 2025
kexinoh d3do-23
lonelyuan russellb DarkLight1337 Isotr0py
vLLM Vulnerable to Remote Code Execution via Mooncake Integration Critical
CVE-2025-32444 was published for vllm (pip) Apr 29, 2025
kexinoh ShangmingCai
russellb
Data exposure via ZeroMQ on multi-node vLLM deployment High
CVE-2025-30202 was published for vllm (pip) Apr 29, 2025
russellb kexinoh
pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting Moderate
CVE-2024-47829 was published for pnpm (npm) Apr 23, 2025
kexinoh
vLLM Allows Remote Code Execution via Mooncake Integration Critical
CVE-2025-29783 was published for vllm (pip) Mar 19, 2025
JosephTLucas russellb
kexinoh
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache Low
CVE-2025-25183 was published for vllm (pip) Feb 6, 2025
kexinoh russellb
Beego has Collision Hazards of MD5 in Cache Key Filenames Moderate
CVE-2024-55885 was published for github.com/beego/beego (Go) Dec 12, 2024
kexinoh
Tornado has an HTTP cookie parsing DoS vulnerability High
CVE-2024-52804 was published for tornado (pip) Nov 22, 2024
kexinoh
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database