GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

365 advisories

OpenStack Neutron vulnerable to hardware address impersonation Critical
CVE-2021-38598 was published for neutron (pip) May 24, 2022
SQLAlchemyDA unauthenticated arbitrary SQL query execution Critical
CVE-2024-24811 was published for Products.SQLAlchemyDA (pip) Feb 7, 2024
perrinjerome dataflake
Path traversal in MLflow Critical
CVE-2023-6831 was published for mlflow (pip) Dec 15, 2023
VNCAuthProxy authentication bypass vulnerability Critical
CVE-2022-36436 was published for vncauthproxy (pip) Sep 16, 2022
llama-index vulnerable to arbitrary code execution Critical
CVE-2023-39662 was published for llama-index (pip) Aug 15, 2023
KaliforniaShell
Code execution in pandasai Critical
CVE-2024-23752 was published for pandasai (pip) Jan 22, 2024
OpenStack Object Storage (swift) Code Injection vulnerability Critical
CVE-2012-4406 was published for swift (pip) May 17, 2022
Deserialization of untrusted data in synthcity Critical
CVE-2024-0937 was published for synthcity (pip) Jan 26, 2024
m3t3kh4n
Ansible Arbitrary Code Execution Critical
CVE-2014-4966 was published for ansible (pip) May 17, 2022
Ansible Arbitrary Code Execution Critical
CVE-2014-4967 was published for ansible (pip) May 17, 2022
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation Critical
CVE-2024-22416 was published for pyload-ng (pip) Jan 19, 2024
PinkDraconian kaydoda
Cross-site Scripting in Apache superset Critical
CVE-2023-49657 was published for apache-superset (pip) Jan 23, 2024
SQL injection in llama-index Critical
CVE-2024-23751 was published for llama-index (pip) Jan 22, 2024
Unsafe yaml deserialization in llama-hub Critical
CVE-2024-23730 was published for llama-hub (pip) Jan 21, 2024
r3kumar
Code Injection in paddlepaddle Critical
CVE-2024-0521 was published for paddlepaddle (pip) Jan 20, 2024
Code execution in Embedchain Critical
CVE-2024-23731 was published for embedchain (pip) Jan 21, 2024
Remote Code Execution vulnerability in Apache IoTDB via UDF Critical
CVE-2023-46226 was published for apache-iotdb (Maven) Jan 15, 2024
Openstack Keystone Incorrect Authorization vulnerability Critical
CVE-2021-3563 was published for keystone (pip) Aug 27, 2022
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC Critical
CVE-2024-21669 was published for aries-cloudagent (pip) Jan 9, 2024
dbluhm
Heap-based buffer overflow in ZBar Critical
CVE-2023-40889 was published for zbar (pip) Aug 29, 2023
PaddlePaddle command injection in convert_shape_compare Critical
CVE-2023-52314 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in _wget_download Critical
CVE-2023-52311 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in get_online_pass_interval Critical
CVE-2023-52310 was published for PaddlePaddle (pip) Jan 3, 2024
ProTip! Advisories are also available from the GraphQL API