Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

Security Advisories

Browse security advisories and track which Dependabot PRs address them.

RSS Feed

24,784

Total Advisories

1,790

With Dependabot PRs

3,506

Critical Severity

8,617

High Severity

Clear All Filters
TkEasyGUI Vulnerable to OS Command Injection
GHSA-hfrj-3w3g-jv32 CVE-2025-55037 CRITICAL 3 months ago
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If ...
pypi
No PRs yet
Pixar OpenUSD Sdf_PathNode Module Use-After-Free Vulnerability Leading to Potential Remote Code Execution
GHSA-58p5-r2f6-g2cj CRITICAL 3 months ago
### Summary A Use-After-Free (UAF) vulnerability has been discovered in the Sdf_PathNode module of the Pixar OpenUSD library. This issue occurs dur...
pypi
No PRs yet
Weblate has a long session expiry when verifying second factor
GHSA-377j-wj38-4728 CVE-2025-58352 LOW 3 months ago
### Impact The verification of the second factor had too long a session expiry. The long session expiry could be used to circumvent rate limiting o...
pypi
No PRs yet
Langchain Community Vulnerable to XML External Entity (XXE) Attacks
GHSA-pc6w-59fv-rh23 CVE-2025-6984 HIGH 3 months ago
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure X...
pypi
No PRs yet
DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more
GHSA-mw26-5g2v-hqw3 CVE-2025-58367 CRITICAL 3 months ago
### Summary [Python class pollution](https://blog.abdulrah33m.com/prototype-pollution-in-python/) is a novel vulnerability categorized under [CWE-9...
pypi
1
Dependabot PRs
MobSF Path Traversal in GET /download/<filename> using absolute filenames
GHSA-ccc3-fvfx-mw3v CVE-2025-58161 LOW 3 months ago
### Summary The GET /download/<filename> route uses string path verification via os.path.commonprefix, which allows an authenticated user to downlo...
pypi
No PRs yet
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
GHSA-9gh8-9r95-3fc3 CVE-2025-58162 MODERATE 3 months ago
### Summary The vulnerability allows any user to overwrite any files available under the account privileges of the running process. ### Details As...
pypi
No PRs yet
ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
GHSA-mxh2-ccgj-8635 CVE-2025-57808 HIGH 3 months ago
### Summary On the ESP-IDF platform, ESPHome's [`web_server` authentication](https://esphome.io/components/web_server.html#configuration-variables)...
pypi
No PRs yet
Local Deep Research's API keys are stored in plain text
GHSA-4h8c-qrcq-cv5c CVE-2025-57806 MODERATE 3 months ago
**Affected Versions:** > 0.2.0 and < 1.0.0 **Patched Versions:** >= 1.0.0 **Description:** The library stored confidential information, including...
pypi
No PRs yet
Eventlet affected by HTTP request smuggling in unparsed trailers
GHSA-hw6f-rjfj-j7j7 CVE-2025-58068 MODERATE 3 months ago
### Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability ...
pypi
No PRs yet
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata
GHSA-m54q-mm9w-fp6g CVE-2025-55304 LOW 3 months ago
### Impact A denial-of-service was found in Exiv2 version v0.28.5: a quadratic algorithm in the ICC profile parsing code in `jpegBase::readMetadata...
pypi
No PRs yet
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file
GHSA-496f-x7cq-cq39 CVE-2025-54080 LOW 3 months ago
### Impact An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier. Exiv2 is a command-line utility and C++ library for reading, writ...
pypi
No PRs yet
Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start
GHSA-q77w-mwjj-7mqx MODERATE 3 months ago
### Summary Using asyncio.unix_events._UnixSubprocessTransport._start function, which is a built-in python library function to execute remote pick...
pypi
No PRs yet
Picklescan is missing detection when calling built-in python cProfile.run
GHSA-49gj-c84q-6qm9 MODERATE 3 months ago
### Summary Using cProfile.run function, which is a built-in python library function to execute remote pickle file. ### Details The attack paylo...
pypi
No PRs yet
Picklescan is missing detection when calling built-in python cProfile.runctx
GHSA-9w88-8rmg-7g2p MODERATE 3 months ago
### Summary Using cProfile.runctx function, which is a built-in python library function to execute remote pickle file. ### Details The attack pa...
pypi
No PRs yet
Picklescan is missing detection when calling built-in python doctest.debug_script
GHSA-fqq6-7vqf-w3fg MODERATE 3 months ago
### Summary Using doctest.debug_script function, which is a built-in python library function to execute remote pickle file. ### Details The atta...
pypi
No PRs yet
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode
GHSA-3gf5-cxq9-w223 MODERATE 3 months ago
### Summary Using idlelib.pyshell.ModifiedInterpreter.runcode function, which is a built-in python library function to execute remote pickle file....
pypi
No PRs yet
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand
GHSA-j343-8v2j-ff7w MODERATE 3 months ago
### Summary Using idlelib.pyshell.ModifiedInterpreter.runcommand function, which is a built-in python library function to execute remote pickle fi...
pypi
No PRs yet
Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode
GHSA-m869-42cg-3xwr MODERATE 3 months ago
### Summary Using idlelib.run.Executive.runcode function, which is a built-in python library function to execute remote pickle file. ### Details ...
pypi
No PRs yet
Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label
GHSA-p9w7-82w4-7q8m MODERATE 3 months ago
### Summary Using lib2to3.pgen2.pgen.ParserGenerator.make_label function, which is a built-in python library function to execute remote pickle fil...
pypi
No PRs yet
Picklescan is missing detection when calling built-in python ensurepip._run_pip
GHSA-xp4f-hrf8-rxw7 MODERATE 3 months ago
### Summary Using ensurepip._run_pip function, which is a built-in python library function to execute remote pickle file. ### Details The attack...
pypi
No PRs yet
Picklescan is missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof
GHSA-4whj-rm5r-c2v8 MODERATE 3 months ago
### Summary Using torch.utils.bottleneck.\_\_main\_\_.run_autograd_prof function, which is a pytorch library function to execute remote pickle fil...
pypi
No PRs yet
Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity
GHSA-9xph-j2h6-g47v MODERATE 3 months ago
### Summary Using idlelib.calltip.get_entity function, which is a built-in python library function to execute remote pickle file. ### Details Th...
pypi
No PRs yet
Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip
GHSA-8r4j-24qv-fmq9 MODERATE 3 months ago
### Summary Using idlelib.calltip.Calltip.fetch_tip, which is a built-in python library function to execute remote pickle file. ### Details The ...
pypi
No PRs yet
Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter
GHSA-cj3c-v495-4xqh MODERATE 3 months ago
### Summary Using code.InteractiveInterpreter.runcode, which is a built-in python library function to execute remote pickle file. ### Details Th...
pypi
No PRs yet
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions
GHSA-7cq8-mj8x-j263 MODERATE 3 months ago
### Summary Using idlelib.autocomplete.AutoComplete.fetch_completions, which is a built-in python library function to execute remote pickle file. ...
pypi
No PRs yet
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
GHSA-6w4w-5w54-rjvr MODERATE 3 months ago
### Summary Using idlelib.autocomplete.AutoComplete.get_entity, which is a built-in python library function to execute remote pickle file. ### De...
pypi
No PRs yet
Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem
GHSA-3vg9-h568-4w9m MODERATE 3 months ago
### Summary Using idlelib.debugobj.ObjectTreeItem.SetText, which is a built-in python library function to execute remote pickle file. ### Details...
pypi
No PRs yet
Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads
GHSA-f54q-57x4-jg88 MODERATE 3 months ago
### Summary Using lib2to3.pgen2.grammar.Grammar.loads, which is a built-in python library function to execute remote pickle file. ### Details Th...
pypi
No PRs yet
Picklescan has a missing detection when calling built-in python profile.Profile.runctx
GHSA-6vqj-c2q5-j97w MODERATE 3 months ago
### Summary Using profile.Profile.runctx, which is a built-in python library function to execute remote pickle file. ### Details The attack payl...
pypi
No PRs yet
Picklescan has a missing detection when calling built-in python profile.Profile.run
GHSA-x696-vm39-cp64 MODERATE 3 months ago
### Summary Using profile.Profile.run, which is a built-in python library function to execute remote pickle file. ### Details The attack payload...
pypi
No PRs yet
Picklescan has a missing detection when calling built-in python trace.Trace.runctx
GHSA-g344-hcph-8vgg MODERATE 3 months ago
### Summary Using trace.Trace.runctx, which is a built-in python library function to execute remote pickle file. ### Details The attack payload ...
pypi
No PRs yet
Picklescan has a missing detection when calling built-in python trace.Trace.run
GHSA-5qwp-399c-mjwf MODERATE 3 months ago
### Summary Using trace.Trace.run, which is a built-in python library function to execute remote pickle file. ### Details The attack payload exe...
pypi
No PRs yet
xml2rfc has an arbitrary file read vulnerability
GHSA-cfmv-h8fx-85m7 CVE-2025-11058 HIGH 3 months ago
### Impact When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link...
pypi
No PRs yet
LlamaIndex affected by a Denial of Service (DOS) in JSONReader
GHSA-7753-xrfw-ch36 CVE-2025-5302 HIGH 3 months ago
A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The...
pypi
No PRs yet
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency
GHSA-63cx-g855-hvv4 MODERATE 3 months ago
mitmproxy 12.1.1 and below embed python-hyper/h2 ≤ v4.2.0, which has a gap in its HTTP/2 header validation. This enables request smuggling attacks ...
pypi
No PRs yet
h2 allows HTTP Request Smuggling due to illegal characters in headers
GHSA-847f-9342-265h CVE-2025-57804 MODERATE 3 months ago
### Summary HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers...
pypi
No PRs yet
XGrammar affected by Denial of Service by infinite recursion grammars
GHSA-5cmr-4px5-23pc CVE-2025-57809 HIGH 3 months ago
### Summary This issue: http://github.com/mlc-ai/xgrammar/issues/250 should have it's own security advisory. Since several tools accept and pass us...
pypi
No PRs yet
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)
GHSA-4gv9-mp8m-592r CVE-2025-57760 HIGH 3 months ago
This vulnerability was discovered by researchers at **Check Point**. We are sharing this report as part of a responsible disclosure process and are...
pypi
No PRs yet
Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config
GHSA-vv6j-3g6g-2pvj MODERATE 3 months ago
### Summary Using torch.utils._config_module.load_config function, which is a pytorch library function to execute remote pickle file. ### Details...
pypi
No PRs yet
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper
GHSA-vr7h-p6mm-wpmh MODERATE 3 months ago
### Summary Using torch.jit.unsupported_tensor_ops.execWrapper function, which is a pytorch library function to execute remote pickle file. ### D...
pypi
No PRs yet
Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers
GHSA-h3qp-7fh3-f8h4 MODERATE 3 months ago
### Summary Using torch.utils.data.datapipes.utils.decoder.basichandlers function, which is a pytorch library function to execute remote pickle fi...
pypi
No PRs yet
Picklescan missing detection when calling pytorch function torch.utils.collect_env.run
GHSA-f745-w6jp-hpxx MODERATE 3 months ago
### Summary Using torch.utils.collect_env.run function, which is a pytorch library function to execute remote pickle file. ### Details The attac...
pypi
No PRs yet
Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression
GHSA-f4x7-rfwp-v3xw MODERATE 3 months ago
### Summary Using torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function, which is a pytorch library function to execu...
pypi
No PRs yet
Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
GHSA-86cj-95qr-2p4f MODERATE 3 months ago
### Summary Using torch._dynamo.guards.GuardBuilder.get function, which is a pytorch library function to execute remote pickle file. ### Details ...
pypi
No PRs yet
Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile
GHSA-4r9r-ch6f-vxmx MODERATE 3 months ago
### Summary Using torch.utils.bottleneck.__main__.run_cprofile function, which is a pytorch library function to execute remote pickle file. ### ...
pypi
No PRs yet
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs
GHSA-9gjj-6gj7-c4wj CVE-2025-57751 HIGH 3 months ago
Dear Maintainers, I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and wou...
pypi
No PRs yet
vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder
GHSA-79j6-g2m3-jgfw CVE-2025-9141 HIGH 3 months ago
### Summary An unsafe deserialization vulnerability allows any authenticated user to execute arbitrary code on the server if they are able to get t...
pypi
No PRs yet
vllm API endpoints vulnerable to Denial of Service Attacks
GHSA-rxc4-3w6r-4v47 CVE-2025-48956 HIGH 3 months ago
### Summary A Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP...
pypi
No PRs yet
Copier's safe template has filesystem write access outside destination path
GHSA-p7q8-grrj-3m8w CVE-2025-55214 MODERATE 3 months ago
### Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use [unsafe](https://copier.readthedoc...
pypi
No PRs yet