Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

114 advisories

Loading
langchain Code Injection vulnerability Critical
CVE-2023-36095 was published for langchain (pip) Aug 5, 2023
xalpha vulnerable to Remote Code Execution Critical
CVE-2023-37659 was published for xalpha (pip) Jul 11, 2023
langchain arbitrary code execution vulnerability Critical
CVE-2023-36258 was published for langchain (pip) Jul 3, 2023
Reportlab vulnerable to remote code execution High
CVE-2023-33733 was published for reportlab (pip) Jun 5, 2023
m3t3kh4n
Apache Airflow Hive Provider vulnerable to code injection Critical
CVE-2023-28706 was published for apache-airflow-providers-apache-hive (pip) Apr 7, 2023
LangChain vulnerable to code injection Critical
CVE-2023-29374 was published for langchain (pip) Apr 5, 2023
Nautobot vulnerable to remote code execution via Jinja2 template rendering High
CVE-2023-25657 was published for nautobot (pip) Feb 22, 2023
NYUCCL psiTurk IS vulnerable to Improper Neutralization of Special Elements High
CVE-2021-4315 was published for psiTurk (pip) Jan 29, 2023
Code Injection in pyload-ng Critical
CVE-2023-0297 was published for pyload-ng (pip) Jan 14, 2023
pgadmin4 vulnerable to Code Injection High
CVE-2022-4223 was published for pgadmin4 (pip) Dec 13, 2022
PaddlePaddle vulnerable to Code Injection Critical
CVE-2022-46742 was published for paddlepaddle (pip) Dec 7, 2022
mattberry3
GitPython vulnerable to Remote Code Execution due to improper user input validation Critical
CVE-2022-24439 was published for GitPython (pip) Dec 6, 2022
ad-m-ss tdunlap607
PaddlePaddle vulnerable to code injection via winstr Critical
CVE-2022-45908 was published for paddlepaddle (pip) Nov 26, 2022
Apache Airflow vulnerable to OS Command Injection via example DAGs High
CVE-2022-40127 was published for apache-airflow (pip) Nov 14, 2022
Improper Control of Generation of Code ('Code Injection') in Azure CLI High
CVE-2022-39327 was published for azure-cli (pip) Oct 25, 2022
Powerline Gitstatus vulnerable to arbitrary code execution High
CVE-2022-42906 was published for powerline-gitstatus (pip) Oct 13, 2022
joblib vulnerable to arbitrary code execution Critical
CVE-2022-21797 was published for joblib (pip) Sep 27, 2022
dawookie
Poetry Argument Injection can lead to Local Code Execution High
CVE-2022-36069 was published for poetry (pip) Sep 16, 2022
paul-gerste-sonarsource neersighted
Command Injection in Nuitka High
CVE-2022-2054 was published for Nuitka (pip) Jun 13, 2022
Code injection in `saved_model_cli` in TensorFlow High
CVE-2022-29216 was published for tensorflow (pip) May 24, 2022
SaltStack Salt Server Side Template Injection Critical
CVE-2021-25283 was published for salt (pip) May 24, 2022
GramAddict bot uses dependency with reverse tcp backdoor High
CVE-2020-36245 was published for GramAddict (pip) May 24, 2022
qlib Deserialization of Untrusted Data vulnerability Moderate
CVE-2021-23338 was published for pyqlib (pip) May 24, 2022
Cobbler is vulnerable to code injection High
CVE-2010-2235 was published for cobbler (pip) May 17, 2022
graphite-web is vulnerable to Remote Code Execution via renderLocalView function Critical
CVE-2013-5093 was published for graphite-web (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API