GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
126 advisories
Picklescan does not block ctypes
High
GHSA-4675-36f9-wf6r
was published
for
picklescan
(pip)
Dec 29, 2025
Fickling has Code Injection vulnerability via pty.spawn()
High
CVE-2025-67748
was published
for
fickling
(pip)
Dec 15, 2025
Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
High
CVE-2025-67747
was published
for
fickling
(pip)
Dec 15, 2025
Improper Validation of Query Parameters in Auth0 Next.js SDK
Low
CVE-2025-67716
was published
for
@auth0/nextjs-auth0
(npm)
Dec 10, 2025
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
Low
CVE-2025-61924
was published
for
prestashop/ps_checkout
(Composer)
Oct 16, 2025
Picklescan missing detection when calling built-in python library function timeit.timeit()
Moderate
GHSA-v7x6-rv5q-mhwc
was published
for
picklescan
(pip)
Apr 7, 2025
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
High
CVE-2025-46417
was published
for
picklescan
(pip)
Apr 7, 2025
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
Moderate
CVE-2025-1716
was published
for
picklescan
(pip)
Mar 3, 2025
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
High
CVE-2024-54149
was published
for
winter/wn-cms-module
(Composer)
Dec 9, 2024
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
High
CVE-2024-52595
was published
for
lxml-html-clean
(pip)
Nov 19, 2024
Wasmtime doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51745
was published
for
wasmtime
(Rust)
Nov 5, 2024
Ankitects Anki LaTeX Blocklist Bypass vulnerability
Low
CVE-2024-32152
was published
for
anki
(pip)
Jul 22, 2024
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Moderate
CVE-2024-28246
was published
for
katex
(npm)
Mar 25, 2024
ProTip!
Advisories are also available from the
GraphQL API