GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 2,000
Maven: 5,000+
npm: 3,711
NuGet: 661
pip: 3,383
Pub: 11
RubyGems: 885
Rust: 849
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
427 advisories
Cobbler Improper Validation of Security Tokens
Critical | CVE-2018-1000226 was published for cobbler (pip) | May 13, 2022

Cobbler vulnerable to arbitrary code execution
Critical | CVE-2017-1000469 was published for cobbler (pip) | May 14, 2022

weixin-python XML External Entity vulnerability
Critical | CVE-2018-25082 was published for weixin-python (pip) | Mar 21, 2023

Header injection in TurboGears
Critical | CVE-2019-25101 was published for TurboGears (pip) | Feb 4, 2023

Gevent allows remote attacker to escalate privileges
Critical | CVE-2023-41419 was published for gevent (pip) | Sep 25, 2023

toui allows user-specific variables to be shared between users
Critical | CVE-2023-33175 was published for toui (pip) | May 24, 2023

langchain vulnerable to arbitrary code execution
Critical | CVE-2023-36188 was published for langchain (pip) | Jul 6, 2023

MLflow Path Traversal vulnerability
Critical | CVE-2023-3765 was published for mlflow (pip) | Jul 19, 2023

PandasAI vulnerable to arbitrary code execution
Critical | CVE-2023-39661 was published for pandasai (pip) | Aug 15, 2023

Ckan remote code execution and private information access via crafted resource ids
Critical | CVE-2023-32321 was published for ckan (pip) | May 24, 2023

Apache Airflow Hive Provider Beeline remote code execution with Principal
Critical | CVE-2023-35797 was published for apache-airflow-providers-apache-hive (pip) | Jul 3, 2023

Command injection in PaddlePaddle
Critical | CVE-2023-38673 was published for paddlepaddle (pip) | Jul 26, 2023

TorchServe Server-Side Request Forgery vulnerability
Critical | CVE-2023-43654 was published for torchserve (pip) | Oct 2, 2023

Sydent does not verify email server certificates
Critical | CVE-2023-38686 was published for matrix-sydent (pip) | Jul 31, 2023

MindsDB can be made to not verify SSL certificates
Critical | CVE-2023-38699 was published for MindsDB (pip) | Aug 1, 2023

MLflow allowed arbitrary files to be PUT onto the server
Critical | CVE-2023-6015 was published for mlflow (pip) | Nov 16, 2023

Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Critical | GHSA-x563-6hqv-26mr was published for ibis-framework (pip) | Nov 17, 2023

Deserialization of Untrusted Data in apache-submarine
Critical | CVE-2023-46302 was published for apache-submarine (pip) | Nov 20, 2023

SQL injection in Apache Submarine
Critical | CVE-2023-37924 was published for apache-submarine (pip) | Nov 22, 2023

Openstack Magnum Unsafe Credential Handling
Critical | CVE-2016-7404 was published for openstack-magnum (pip) | May 24, 2022

Ray OS Command Injection vulnerability
Critical | CVE-2023-6019 was published for ray (pip) | Nov 16, 2023

Ray Missing Authorization vulnerability
Critical | CVE-2023-6020 was published for ray (pip) | Nov 16, 2023

External Control of File Name or Path in h2oai/h2o-3
Critical | CVE-2023-6569 was published for h2o (pip) | Dec 14, 2023

MLflow Server-Side Request Forgery (SSRF)
Critical | CVE-2023-6974 was published for mlflow (pip) | Dec 20, 2023

ProTip! Advisories are also available from the GraphQL API