GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.
61 advisories
Advisory | Severity | Package (ecosystem) | Published | Title
GHSA-83pf-v6qq-pwmr | Low | fickling (pip) | Feb 20, 2026 | Fickling has a detection bypass via stdlib network-protocol constructors
GHSA-4685-c5cp-vp95 | Low | openclaw (npm) | Feb 19, 2026 | OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags
GHSA-97f8-7cmv-76j2 | High | picklescan (pip) | Feb 18, 2026 | Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
CVE-2026-25951 | High | fuxa-server (npm) | Feb 10, 2026 | FUXA Affected by a Path Traversal Sanitization Bypass
CVE-2026-22609 | High | fickling (pip) | Jan 9, 2026 | Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
CVE-2026-22608 | High | fickling (pip) | Jan 9, 2026 | Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
CVE-2026-22607 | High | fickling (pip) | Jan 9, 2026 | Fickling Blocklist Bypass: cProfile.run()
CVE-2026-22606 | High | fickling (pip) | Jan 9, 2026 | Fickling has a bypass via runpy.run_path() and runpy.run_module()
CVE-2025-69277 | Moderate | PyNaCl (Composer) | Dec 31, 2025 | libsodium has Incomplete List of Disallowed Inputs
GHSA-84r2-jw7c-4r5q | High | picklescan (pip) | Dec 29, 2025 | Picklescan has Incomplete List of Disallowed Inputs
GHSA-4675-36f9-wf6r | High | picklescan (pip) | Dec 29, 2025 | Picklescan does not block ctypes
CVE-2025-67748 | High | fickling (pip) | Dec 15, 2025 | Fickling has Code Injection vulnerability via pty.spawn()
CVE-2025-67747 | High | fickling (pip) | Dec 15, 2025 | Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
CVE-2025-67716 | Low | @auth0/nextjs-auth0 (npm) | Dec 10, 2025 | Improper Validation of Query Parameters in Auth0 Next.js SDK
CVE-2025-61924 | Low | prestashop/ps_checkout (Composer) | Oct 16, 2025 | PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
CVE-2022-50238 | High | unreviewed | Sep 8, 2025 | The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online...
CVE-2025-48732 | High | unreviewed | Jul 24, 2025 | An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit...
CVE-2025-24388 | Low | unreviewed | Jun 16, 2025 | A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allow...
CVE-2025-1484 | Moderate | unreviewed | May 30, 2025 | A vulnerability exists in the media upload component of the Asset Suite versions listed below....
GHSA-4p4h-9gvq-7xfg | Moderate | picklescan (pip) | Apr 24, 2025 | Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate (withdrawn)
CVE-2025-29822 | High | unreviewed | Apr 8, 2025 | Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker...
GHSA-v7x6-rv5q-mhwc | Moderate | picklescan (pip) | Apr 7, 2025 | Picklescan missing detection when calling built-in python library function timeit.timeit()
CVE-2025-46417 | High | picklescan (pip) | Apr 7, 2025 | Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
CVE-2025-1716 | Moderate | picklescan (pip) | Mar 3, 2025 | Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
GHSA-vr75-hjh9-7fr6 | Moderate | picklescan (pip) | Mar 3, 2025 | Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis (withdrawn)
Advisories are also available from the GraphQL API.