Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector High
CVE-2026-24779 was published for vllm (pip) Jan 28, 2026
leishilong Credited to leishilong, leung-yao, Isotr0py, and russellb leung-yao leung-yao
Isotr0py Isotr0py russellb russellb
vLLM vulnerable to remote code execution via transformers_utils/get_config High
CVE-2025-66448 was published for vllm (pip) Dec 2, 2025
Vancir Credited to Vancir, Isotr0py, DarkLight1337, and russellb Isotr0py Isotr0py
DarkLight1337 DarkLight1337 russellb russellb
vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs High
CVE-2025-62372 was published for vllm (pip) Nov 20, 2025
DarkLight1337 Credited to DarkLight1337, ywang96, Isotr0py, and russellb ywang96 ywang96
Isotr0py Isotr0py russellb russellb
vLLM deserialization vulnerability leading to DoS and potential RCE High
CVE-2025-62164 was published for vllm (pip) Nov 20, 2025
omriaxion Credited to omriaxion, russellb, DarkLight1337, Isotr0py, ywang96, and davidatom russellb russellb
DarkLight1337 DarkLight1337 Isotr0py Isotr0py ywang96 ywang96 davidatom davidatom
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database