GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
365 advisories
Filter by severity
OpenStack Neutron vulnerable to hardware address impersonation
Critical
CVE-2021-38598
was published
for
neutron
(pip)
May 24, 2022
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Critical
CVE-2024-23346
was published
for
pymatgen
(pip)
Feb 21, 2024
SQLAlchemyDA unauthenticated arbitrary SQL query execution
Critical
CVE-2024-24811
was published
for
Products.SQLAlchemyDA
(pip)
Feb 7, 2024
VNCAuthProxy authentication bypass vulnerability
Critical
CVE-2022-36436
was published
for
vncauthproxy
(pip)
Sep 16, 2022
llama-index vulnerable to arbitrary code execution
Critical
CVE-2023-39662
was published
for
llama-index
(pip)
Aug 15, 2023
OpenStack Object Storage (swift) Code Injection vulnerability
Critical
CVE-2012-4406
was published
for
swift
(pip)
May 17, 2022
Deserialization of untrusted data in synthcity
Critical
CVE-2024-0937
was published
for
synthcity
(pip)
Jan 26, 2024
Ansible Arbitrary Code Execution
Critical
CVE-2014-4966
was published
for
ansible
(pip)
May 17, 2022
Ansible Arbitrary Code Execution
Critical
CVE-2014-4967
was published
for
ansible
(pip)
May 17, 2022
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Critical
CVE-2024-22416
was published
for
pyload-ng
(pip)
Jan 19, 2024
Cross-site Scripting in Apache superset
Critical
CVE-2023-49657
was published
for
apache-superset
(pip)
Jan 23, 2024
SQL injection in llama-index
Critical
CVE-2024-23751
was published
for
llama-index
(pip)
Jan 22, 2024
Unsafe yaml deserialization in llama-hub
Critical
CVE-2024-23730
was published
for
llama-hub
(pip)
Jan 21, 2024
Code Injection in paddlepaddle
Critical
CVE-2024-0521
was published
for
paddlepaddle
(pip)
Jan 20, 2024
Code execution in Embedchain
Critical
CVE-2024-23731
was published
for
embedchain
(pip)
Jan 21, 2024
pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency
Critical
CVE-2023-45853
was published
for
pyminizip
(pip)
Oct 14, 2023
Remote Code Execution vulnerability in Apache IoTDB via UDF
Critical
CVE-2023-46226
was published
for
apache-iotdb
(Maven)
Jan 15, 2024
Openstack Keystone Incorrect Authorization vulnerability
Critical
CVE-2021-3563
was published
for
keystone
(pip)
Aug 27, 2022
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Critical
CVE-2024-21669
was published
for
aries-cloudagent
(pip)
Jan 9, 2024
Heap-based buffer overflow in ZBar
Critical
CVE-2023-40889
was published
for
zbar
(pip)
Aug 29, 2023
PaddlePaddle command injection in convert_shape_compare
Critical
CVE-2023-52314
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in _wget_download
Critical
CVE-2023-52311
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in get_online_pass_interval
Critical
CVE-2023-52310
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
ProTip!
Advisories are also available from the
GraphQL API