GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
365 advisories
Filter by severity
Langchain SQL Injection vulnerability
Critical
CVE-2023-32785
was published
for
langchain
(pip)
Oct 21, 2023
modoboa Cross-site Scripting vulnerability
Critical
CVE-2023-5688
was published
for
modoboa
(pip)
Oct 20, 2023
pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency
Critical
CVE-2023-45853
was published
for
pyminizip
(pip)
Oct 14, 2023
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
Critical
CVE-2023-44467
was published
for
langchain-experimental
(pip)
Oct 9, 2023
TorchServe Server-Side Request Forgery vulnerability
Critical
CVE-2023-43654
was published
for
torchserve
(pip)
Oct 2, 2023
TorchServe Pre-Auth Remote Code Execution
Critical
GHSA-4mqg-h5jf-j9m7
was published
for
torchserve
(pip)
Oct 2, 2023
Searchor CLI's Search vulnerable to Arbitrary Code using Eval
Critical
CVE-2023-43364
was published
for
searchor
(pip)
Sep 25, 2023
Gevent allows remote attacker to escalate privileges
Critical
CVE-2023-41419
was published
for
gevent
(pip)
Sep 25, 2023
ReportLab vulnerable to remote code execution via paraparser
Critical
CVE-2019-19450
was published
for
reportlab
(pip)
Sep 20, 2023
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
Critical
CVE-2023-39631
was published
for
langchain
(pip)
Sep 1, 2023
Heap-based buffer overflow in ZBar
Critical
CVE-2023-40889
was published
for
zbar
(pip)
Aug 29, 2023
langchain vulnerable to arbitrary code execution
Critical
CVE-2023-36281
was published
for
langchain
(pip)
Aug 22, 2023
PandasAI vulnerable to arbitrary code execution
Critical
CVE-2023-39661
was published
for
pandasai
(pip)
Aug 15, 2023
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-38896
was published
for
langchain
(pip)
Aug 15, 2023
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-38860
was published
for
langchain
(pip)
Aug 15, 2023
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-39659
was published
for
langchain
(pip)
Aug 15, 2023
llama-index vulnerable to arbitrary code execution
Critical
CVE-2023-39662
was published
for
llama-index
(pip)
Aug 15, 2023
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical
CVE-2023-40267
was published
for
GitPython
(pip)
Aug 11, 2023
langchain Code Injection vulnerability
Critical
CVE-2023-36095
was published
for
langchain
(pip)
Aug 5, 2023
MindsDB can be made to not verify SSL certificates
Critical
CVE-2023-38699
was published
for
MindsDB
(pip)
Aug 1, 2023
Sydent does not verify email server certificates
Critical
CVE-2023-38686
was published
for
matrix-sydent
(pip)
Jul 31, 2023
Command injection in PaddlePaddle
Critical
CVE-2023-38673
was published
for
paddlepaddle
(pip)
Jul 26, 2023
MLflow Path Traversal vulnerability
Critical
CVE-2023-3765
was published
for
mlflow
(pip)
Jul 19, 2023
postgraas-server vulnerable to SQL injection
Critical
CVE-2018-25088
was published
for
postgraas-server
(pip)
Jul 18, 2023
xalpha vulnerable to Remote Code Execution
Critical
CVE-2023-37659
was published
for
xalpha
(pip)
Jul 11, 2023
ProTip!
Advisories are also available from the
GraphQL API