GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,110 advisories
HTTP/HTTPS Traffic Interception Bypass in mad-proxy
Moderate
CVE-2025-67485
was published
for
mad-proxy
(pip)
Dec 9, 2025
Open Redirect Vulnerability in Taguette
Moderate
CVE-2025-67502
was published
for
taguette
(pip)
Dec 9, 2025
NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read
High
CVE-2025-66645
was published
for
nicegui
(pip)
Dec 9, 2025
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
Moderate
CVE-2025-66470
was published
for
nicegui
(pip)
Dec 8, 2025
NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
Moderate
CVE-2025-66469
was published
for
nicegui
(pip)
Dec 8, 2025
urllib3 streaming API improperly handles highly compressed data
High
CVE-2025-66471
was published
for
urllib3
(pip)
Dec 5, 2025
urllib3 allows an unbounded number of links in the decompression chain
High
CVE-2025-66418
was published
for
urllib3
(pip)
Dec 5, 2025
Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web
High
CVE-2025-65958
was published
for
open-webui
(pip)
Dec 4, 2025
Ansible Community General Collection is vulnerable to exposure of sensitive information
Moderate
CVE-2025-14010
was published
for
ansible
(pip)
Dec 4, 2025
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
Moderate
CVE-2025-66454
was published
for
arcade-mcp-server
(pip)
Dec 2, 2025
vLLM vulnerable to remote code execution via transformers_utils/get_config
High
CVE-2025-66448
was published
for
vllm
(pip)
Dec 2, 2025
Keras Directory Traversal Vulnerability
High
CVE-2025-12060
was published
for
keras
(pip)
Dec 2, 2025
Werkzeug safe_join() allows Windows special device names
Moderate
CVE-2025-66221
was published
for
werkzeug
(pip)
Dec 2, 2025
Spotipy has a XSS vulnerability in its OAuth callback server
Low
CVE-2025-66040
was published
for
spotipy
(pip)
Dec 1, 2025
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
Moderate
CVE-2025-66034
was published
for
fonttools
(pip)
Dec 1, 2025
ProTip!
Advisories are also available from the
GraphQL API