Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

365 advisories

Loading
Langchain SQL Injection vulnerability Critical
CVE-2023-32785 was published for langchain (pip) Oct 21, 2023
modoboa Cross-site Scripting vulnerability Critical
CVE-2023-5688 was published for modoboa (pip) Oct 20, 2023
pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency Critical
CVE-2023-45853 was published for pyminizip (pip) Oct 14, 2023
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method Critical
CVE-2023-44467 was published for langchain-experimental (pip) Oct 9, 2023
TorchServe Server-Side Request Forgery vulnerability Critical
CVE-2023-43654 was published for torchserve (pip) Oct 2, 2023
TorchServe Pre-Auth Remote Code Execution Critical
GHSA-4mqg-h5jf-j9m7 was published for torchserve (pip) Oct 2, 2023
Searchor CLI's Search vulnerable to Arbitrary Code using Eval Critical
CVE-2023-43364 was published for searchor (pip) Sep 25, 2023
Gevent allows remote attacker to escalate privileges Critical
CVE-2023-41419 was published for gevent (pip) Sep 25, 2023
pf-billoday
ReportLab vulnerable to remote code execution via paraparser Critical
CVE-2019-19450 was published for reportlab (pip) Sep 20, 2023
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library Critical
CVE-2023-39631 was published for langchain (pip) Sep 1, 2023
eyurtsev
Heap-based buffer overflow in ZBar Critical
CVE-2023-40889 was published for zbar (pip) Aug 29, 2023
langchain vulnerable to arbitrary code execution Critical
CVE-2023-36281 was published for langchain (pip) Aug 22, 2023
eyurtsev
PandasAI vulnerable to arbitrary code execution Critical
CVE-2023-39661 was published for pandasai (pip) Aug 15, 2023
LangChain vulnerable to arbitrary code execution Critical
CVE-2023-38896 was published for langchain (pip) Aug 15, 2023
LangChain vulnerable to arbitrary code execution Critical
CVE-2023-38860 was published for langchain (pip) Aug 15, 2023
LangChain vulnerable to arbitrary code execution Critical
CVE-2023-39659 was published for langchain (pip) Aug 15, 2023
eyurtsev
llama-index vulnerable to arbitrary code execution Critical
CVE-2023-39662 was published for llama-index (pip) Aug 15, 2023
KaliforniaShell
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments Critical
CVE-2023-40267 was published for GitPython (pip) Aug 11, 2023
langchain Code Injection vulnerability Critical
CVE-2023-36095 was published for langchain (pip) Aug 5, 2023
MindsDB can be made to not verify SSL certificates Critical
CVE-2023-38699 was published for MindsDB (pip) Aug 1, 2023
truesoni
Sydent does not verify email server certificates Critical
CVE-2023-38686 was published for matrix-sydent (pip) Jul 31, 2023
Command injection in PaddlePaddle Critical
CVE-2023-38673 was published for paddlepaddle (pip) Jul 26, 2023
MLflow Path Traversal vulnerability Critical
CVE-2023-3765 was published for mlflow (pip) Jul 19, 2023
postgraas-server vulnerable to SQL injection Critical
CVE-2018-25088 was published for postgraas-server (pip) Jul 18, 2023
xalpha vulnerable to Remote Code Execution Critical
CVE-2023-37659 was published for xalpha (pip) Jul 11, 2023
ProTip! Advisories are also available from the GraphQL API