Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,778
Maven
5,000+
npm
4,379
NuGet
770
pip
4,150
Pub
12
RubyGems
963
Rust
1,071
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
LangChain serialization injection vulnerability enables secret extraction High
CVE-2025-68665 was published for @langchain/core (npm) Dec 23, 2025
ccurme mdrxy
0xn3va yardenporat353 VladimirEliTokarev hntrl siewer jacoblee93
Credited to ccurme, mdrxy, 0xn3va, yardenporat353, VladimirEliTokarev, hntrl, siewer, and jacoblee93
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs Critical
CVE-2025-68664 was published for langchain-core (pip) Dec 23, 2025
0xn3va yardenporat353
VladimirEliTokarev eyurtsev ccurme mdrxy hntrl
Credited to 0xn3va, yardenporat353, VladimirEliTokarev, eyurtsev, ccurme, mdrxy, and hntrl
LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method High
CVE-2025-67644 was published for langgraph-checkpoint-sqlite (pip) Dec 10, 2025
VladimirEliTokarev yardenporat353
hawkeyetw
Credited to VladimirEliTokarev, yardenporat353, and hawkeyetw
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database