GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
114 advisories
Filter by severity
langchain Code Injection vulnerability
Critical
CVE-2023-36095
was published
for
langchain
(pip)
Aug 5, 2023
xalpha vulnerable to Remote Code Execution
Critical
CVE-2023-37659
was published
for
xalpha
(pip)
Jul 11, 2023
langchain arbitrary code execution vulnerability
Critical
CVE-2023-36258
was published
for
langchain
(pip)
Jul 3, 2023
Reportlab vulnerable to remote code execution
High
CVE-2023-33733
was published
for
reportlab
(pip)
Jun 5, 2023
Apache Airflow Hive Provider vulnerable to code injection
Critical
CVE-2023-28706
was published
for
apache-airflow-providers-apache-hive
(pip)
Apr 7, 2023
LangChain vulnerable to code injection
Critical
CVE-2023-29374
was published
for
langchain
(pip)
Apr 5, 2023
Nautobot vulnerable to remote code execution via Jinja2 template rendering
High
CVE-2023-25657
was published
for
nautobot
(pip)
Feb 22, 2023
NYUCCL psiTurk IS vulnerable to Improper Neutralization of Special Elements
High
CVE-2021-4315
was published
for
psiTurk
(pip)
Jan 29, 2023
pgadmin4 vulnerable to Code Injection
High
CVE-2022-4223
was published
for
pgadmin4
(pip)
Dec 13, 2022
PaddlePaddle vulnerable to Code Injection
Critical
CVE-2022-46742
was published
for
paddlepaddle
(pip)
Dec 7, 2022
GitPython vulnerable to Remote Code Execution due to improper user input validation
Critical
CVE-2022-24439
was published
for
GitPython
(pip)
Dec 6, 2022
PaddlePaddle vulnerable to code injection via winstr
Critical
CVE-2022-45908
was published
for
paddlepaddle
(pip)
Nov 26, 2022
Apache Airflow vulnerable to OS Command Injection via example DAGs
High
CVE-2022-40127
was published
for
apache-airflow
(pip)
Nov 14, 2022
Improper Control of Generation of Code ('Code Injection') in Azure CLI
High
CVE-2022-39327
was published
for
azure-cli
(pip)
Oct 25, 2022
Powerline Gitstatus vulnerable to arbitrary code execution
High
CVE-2022-42906
was published
for
powerline-gitstatus
(pip)
Oct 13, 2022
joblib vulnerable to arbitrary code execution
Critical
CVE-2022-21797
was published
for
joblib
(pip)
Sep 27, 2022
Poetry Argument Injection can lead to Local Code Execution
High
CVE-2022-36069
was published
for
poetry
(pip)
Sep 16, 2022
Code injection in `saved_model_cli` in TensorFlow
High
CVE-2022-29216
was published
for
tensorflow
(pip)
May 24, 2022
SaltStack Salt Server Side Template Injection
Critical
CVE-2021-25283
was published
for
salt
(pip)
May 24, 2022
GramAddict bot uses dependency with reverse tcp backdoor
High
CVE-2020-36245
was published
for
GramAddict
(pip)
May 24, 2022
qlib Deserialization of Untrusted Data vulnerability
Moderate
CVE-2021-23338
was published
for
pyqlib
(pip)
May 24, 2022
Cobbler is vulnerable to code injection
High
CVE-2010-2235
was published
for
cobbler
(pip)
May 17, 2022
graphite-web is vulnerable to Remote Code Execution via renderLocalView function
Critical
CVE-2013-5093
was published
for
graphite-web
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API