GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
365 advisories
Filter by severity
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
Critical
CVE-2020-25592
was published
for
salt
(pip)
May 24, 2022
SaltStack Salt Remote command execution and incorrect access control when using salt-api
Critical
CVE-2018-15751
was published
for
salt
(pip)
May 13, 2022
SaltStack Salt allows compromised salt-minions to impersonate the salt-master
Critical
CVE-2017-7893
was published
for
salt
(pip)
May 13, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical
CVE-2017-14695
was published
for
salt
(pip)
May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical
CVE-2017-12791
was published
for
salt
(pip)
May 17, 2022
Numpy Deserialization of Untrusted Data
Critical
CVE-2019-6446
was published
for
numpy
(pip)
May 24, 2022
SaltStack Salt Directory Traversal vulnerability
Critical
CVE-2021-25282
was published
for
salt
(pip)
May 24, 2022
SaltStack Salt Improper Authentication vulnerability
Critical
CVE-2021-25281
was published
for
salt
(pip)
May 24, 2022
SaltStack Salt Server Side Template Injection
Critical
CVE-2021-25283
was published
for
salt
(pip)
May 24, 2022
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
Critical
CVE-2021-3197
was published
for
salt
(pip)
May 24, 2022
SaltStack Salt eauth tokens can be used once after expiration
Critical
CVE-2021-3144
was published
for
salt
(pip)
May 24, 2022
SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
Critical
CVE-2021-3148
was published
for
salt
(pip)
May 24, 2022
joblib vulnerable to arbitrary code execution
Critical
CVE-2022-21797
was published
for
joblib
(pip)
Sep 27, 2022
rpc.py vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-35411
was published
for
rpc.py
(pip)
Jul 9, 2022
Arbitrary expression injection in Pillow
Critical
CVE-2022-22817
was published
for
Pillow
(pip)
Jan 12, 2022
jsonpickle unsafe deserialization
Critical
CVE-2020-22083
was published
for
jsonpickle
(pip)
May 24, 2022
llama-index-core Command Injection vulnerability
Critical
CVE-2024-3271
was published
for
llama-index-core
(pip)
Apr 16, 2024
Insecure deserialization in BentoML
Critical
CVE-2024-2912
was published
for
bentoml
(pip)
Apr 16, 2024
mlflow vulnerable to Path Traversal
Critical
CVE-2024-3573
was published
for
mlflow
(pip)
Apr 16, 2024
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
Critical
CVE-2024-2952
was published
for
litellm
(pip)
Apr 10, 2024
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
Critical
CVE-2024-3098
was published
for
llama-index-core
(pip)
Apr 10, 2024
Aim Web API vulnerable to Remote Code Execution
Critical
CVE-2024-2195
was published
for
aim
(pip)
Apr 10, 2024
TensorFlow vulnerable to heap out of bounds read in filesystem glob matching
Critical
CVE-2020-26269
was published
for
tensorflow
(pip)
Oct 7, 2022
Asterix Heap-based Buffer Overflow
Critical
CVE-2021-44144
was published
for
asterix_decoder
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API