GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20 advisories
Cobbler vulnerable to code injection via unsafe YAML loading
Moderate: CVE-2011-4953 was published for cobbler (pip), May 17, 2022

code injection vulnerability exists in the huggingface/text-generation-inference repository
Moderate: CVE-2024-3924 was published for text-generation (pip), Jun 2, 2024

Arbitrary Code Execution in blazar-dashboard
Moderate: CVE-2020-26943 was published for blazar-dashboard (pip), Oct 27, 2020

Remote Code Execution in create_conda_env function in lollms
Moderate: CVE-2024-3121 was published for lollms (pip), Jun 24, 2024

Composio Code Injection Vulnerability
Moderate: CVE-2024-8864 was published for composio-core (pip), Sep 16, 2024

qlib Deserialization of Untrusted Data vulnerability
Moderate: CVE-2021-23338 was published for pyqlib (pip), May 24, 2022

Code Injection in SLO Generator
Moderate: CVE-2021-22557 was published for slo-generator (pip), Oct 5, 2021

Privilege escalation for users that can access mock configuration
Moderate: CVE-2023-6395 was published for templated_dictionary (pip), Jan 16, 2024

Langflow vulnerable to remote code execution
Moderate: CVE-2024-48061 was published for langflow (pip), Nov 5, 2024

Code injection in `saved_model_cli`
Moderate: CVE-2021-41228 was published for tensorflow (pip), Nov 10, 2021

Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
Moderate: CVE-2020-10684 was published for ansible (pip), Apr 7, 2021

vault-cli contains possible RCE when reading user-defined data
Moderate: CVE-2021-43837 was published for vault-cli (pip), Dec 16, 2021

InternLM LMDeploy code injection vulnerability
Moderate: CVE-2025-3163 was published for lmdeploy (pip), Apr 3, 2025

Flair allows arbitrary code execution
Moderate: CVE-2024-10073 was published for flair (pip), Oct 17, 2024

Pyload log Injection via API /json/add_package in add_name parameter
Moderate: GHSA-3wwm-hjv7-23r3 was published for pyload-ng (pip), Jul 30, 2025

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval
Moderate: GHSA-cffc-mxrf-mhh4 was published for picklescan (pip), Dec 29, 2025

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
Moderate: GHSA-6556-fwc2-fg2p was published for picklescan (pip), Dec 30, 2025

Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization
Moderate: CVE-2026-23946 was published for tendenci (pip), Jan 21, 2026

ProTip! Advisories are also available from the GraphQL API.