Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

518 advisories

Loading
Code execution in Embedchain Critical
CVE-2024-23731 was published for embedchain (pip) Jan 21, 2024
Code Injection in paddlepaddle Critical
CVE-2024-0521 was published for paddlepaddle (pip) Jan 20, 2024
SQL injection in llama-index Critical
CVE-2024-23751 was published for llama-index (pip) Jan 22, 2024
Cross-site Scripting in Apache superset Critical
CVE-2023-49657 was published for apache-superset (pip) Jan 23, 2024
Deserialization of untrusted data in synthcity Critical
CVE-2024-0937 was published for synthcity (pip) Jan 26, 2024
m3t3kh4n
Credited to m3t3kh4n
OpenStack Object Storage (swift) Code Injection vulnerability Critical
CVE-2012-4406 was published for swift (pip) May 17, 2022
Code execution in pandasai Critical
CVE-2024-23752 was published for pandasai (pip) Jan 22, 2024
Path traversal in MLflow Critical
CVE-2023-6831 was published for mlflow (pip) Dec 15, 2023
SQLAlchemyDA unauthenticated arbitrary SQL query execution Critical
CVE-2024-24811 was published for Products.SQLAlchemyDA (pip) Feb 7, 2024
perrinjerome dataflake
Credited to perrinjerome and dataflake
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability Critical
CVE-2023-6572 was published for gradio (pip) Dec 14, 2023
postgraas-server vulnerable to SQL injection Critical
CVE-2018-25088 was published for postgraas-server (pip) Jul 18, 2023
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID Critical
CVE-2024-25128 was published for Flask-AppBuilder (pip) Feb 28, 2024
parantheses dpgaspar
Credited to parantheses and dpgaspar
OS Command Injection in Apache Airflow Critical
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
sunSUNQ
Credited to sunSUNQ
MLflow authentication requirement bypass can allow a user to arbitrarily create an account Critical
CVE-2023-6014 was published for mlflow (pip) Nov 16, 2023
MarkLee131 yoshizawa-masatoshi
Credited to MarkLee131 and yoshizawa-masatoshi
Whoogle Search Server-Side Request Forgery vulnerability Critical
CVE-2024-22205 was published for whoogle-search (pip) Mar 14, 2024
Whoogle Search Path Traversal vulnerability Critical
CVE-2024-22203 was published for whoogle-search (pip) Mar 14, 2024
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution Critical
CVE-2024-3098 was published for llama-index-core (pip) Apr 10, 2024
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint Critical
CVE-2024-2952 was published for litellm (pip) Apr 10, 2024
ishaan-jaff r3kumar
Credited to ishaan-jaff and r3kumar
Insecure deserialization in BentoML Critical
CVE-2024-2912 was published for bentoml (pip) Apr 16, 2024
llama-index-core Command Injection vulnerability Critical
CVE-2024-3271 was published for llama-index-core (pip) Apr 16, 2024
rpc.py vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-35411 was published for rpc.py (pip) Jul 9, 2022
pyLoad allows upload to arbitrary folder lead to RCE Critical
CVE-2024-32880 was published for pyload-ng (pip) Apr 24, 2024
zhcy2018
Credited to zhcy2018
ReportLab vulnerable to remote code execution via paraparser Critical
CVE-2019-19450 was published for reportlab (pip) Sep 20, 2023
OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning Critical
CVE-2019-15753 was published for os-vif (pip) May 24, 2022
OpenStack Octavia Amphora-Agent not requiring Client-Certificate Critical
CVE-2019-17134 was published for octavia (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database