GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
365 advisories
Filter by severity
Cobbler has Exposed Dangerous Method or Function
Critical
CVE-2018-10931
was published
for
cobbler
(pip)
May 13, 2022
Ansible Insertion of Sensitive Information into Log File vulnerability
Critical
CVE-2017-7550
was published
for
ansible
(pip)
May 13, 2022
Excessive Attack Surface in pyload-ng
Critical
CVE-2023-0435
was published
for
pyload-ng
(pip)
Jan 23, 2023
Apache Airflow Google Provider Improper Input Validation vulnerability
Critical
CVE-2023-25691
was published
for
apache-airflow-providers-google
(pip)
Feb 24, 2023
Apache Airflow Sqoop Provider Improper Input Validation vulnerability
Critical
CVE-2023-25693
was published
for
apache-airflow-providers-apache-sqoop
(pip)
Feb 24, 2023
Apache Airflow Hive Provider Improper Input Validation vulnerability
Critical
CVE-2023-25696
was published
for
apache-airflow-providers-apache-hive
(pip)
Feb 24, 2023
CairoSVG improperly processes SVG files loaded from external resources
Critical
CVE-2023-27586
was published
for
CairoSVG
(pip)
Mar 20, 2023
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
Critical
CVE-2023-25668
was published
for
tensorflow
(pip)
Mar 24, 2023
Use of hard-coded, security-relevant constants in deepset-ai/haystack
Critical
CVE-2023-1712
was published
for
farm-haystack
(pip)
Mar 30, 2023
Authentication Bypass in modoboa
Critical
CVE-2023-0777
was published
for
modoboa
(pip)
Feb 10, 2023
Apache Airflow Hive Provider vulnerable to code injection
Critical
CVE-2023-28706
was published
for
apache-airflow-providers-apache-hive
(pip)
Apr 7, 2023
LangChain vulnerable to code injection
Critical
CVE-2023-29374
was published
for
langchain
(pip)
Apr 5, 2023
Remote file access vulnerability in `mlflow server` and `mlflow ui` CLIs
Critical
GHSA-83fm-w79m-64r5
was published
for
mlflow
(pip)
May 1, 2023
Buffer overflow in sponge queue functions
Critical
CVE-2022-37454
was published
for
pysha3
(RubyGems)
Apr 26, 2023
Potential memory corruption in arrayfire
Critical
CVE-2018-20998
was published
for
arrayfire
(pip)
Aug 25, 2021
Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component
Critical
CVE-2016-1505
was published
for
Radicale
(pip)
May 17, 2022
web2py remote code execution via hardcoded encryption key in session.connect function
Critical
CVE-2016-3953
was published
for
web2py
(pip)
May 14, 2022
web2py is vulnerable to password brute-force attack
Critical
CVE-2016-10321
was published
for
web2py
(pip)
May 14, 2022
Duplicate Advisory: Improper Restriction of XML External Entity Reference in pikepdf
Critical
CVE-2021-46849
was published
for
pikepdf
(pip)
Oct 24, 2022
•
withdrawn
Ansible Code Injection Vulnerability
Critical
CVE-2014-4678
was published
for
ansible
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API