GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
365 advisories
Filter by severity
Withdrawn: Use after free in SciPy
Critical
CVE-2023-29824
was published
for
scipy
(pip)
Jul 6, 2023
•
withdrawn
langchain vulnerable to arbitrary code execution
Critical
CVE-2023-36188
was published
for
langchain
(pip)
Jul 6, 2023
langchain arbitrary code execution vulnerability
Critical
CVE-2023-36258
was published
for
langchain
(pip)
Jul 3, 2023
Apache Airflow Hive Provider Beeline remote code execution with Principal
Critical
CVE-2023-35797
was published
for
apache-airflow-providers-apache-hive
(pip)
Jul 3, 2023
pipreqs vulnerable to Dependency Confusion
Critical
CVE-2023-31543
was published
for
pipreqs
(pip)
Jun 30, 2023
fief-server Server-Side Template Injection vulnerability
Critical
GHSA-hj8m-9fhf-v7jp
was published
for
fief-server
(pip)
Jun 23, 2023
Langchain vulnerable to arbitrary code execution
Critical
CVE-2023-34541
was published
for
langchain
(pip)
Jun 20, 2023
Langchain OS Command Injection vulnerability
Critical
CVE-2023-34540
was published
for
langchain
(pip)
Jun 14, 2023
toui allows user-specific variables to be shared between users
Critical
CVE-2023-33175
was published
for
toui
(pip)
May 24, 2023
Ckan remote code execution and private information access via crafted resource ids
Critical
CVE-2023-32321
was published
for
ckan
(pip)
May 24, 2023
mlflow Path Traversal vulnerability
Critical
CVE-2023-2780
was published
for
mlflow
(pip)
May 17, 2023
Apache Airflow vulnerable to Privilege Context Switching Error
Critical
CVE-2023-25754
was published
for
apache-airflow
(pip)
May 8, 2023
Django bypasses validation when using one form field to upload multiple files
Critical
CVE-2023-31047
was published
for
Django
(pip)
May 7, 2023
Remote file access vulnerability in `mlflow server` and `mlflow ui` CLIs
Critical
GHSA-83fm-w79m-64r5
was published
for
mlflow
(pip)
May 1, 2023
Relative path traversal in mlflow
Critical
CVE-2023-2356
was published
for
mlflow
(pip)
Apr 28, 2023
Buffer overflow in sponge queue functions
Critical
CVE-2022-37454
was published
for
pysha3
(RubyGems)
Apr 26, 2023
Improper Authorization in modoboa
Critical
CVE-2023-2227
was published
for
modoboa
(pip)
Apr 21, 2023
Apache Airflow Hive Provider vulnerable to code injection
Critical
CVE-2023-28706
was published
for
apache-airflow-providers-apache-hive
(pip)
Apr 7, 2023
LangChain vulnerable to code injection
Critical
CVE-2023-29374
was published
for
langchain
(pip)
Apr 5, 2023
Use of hard-coded, security-relevant constants in deepset-ai/haystack
Critical
CVE-2023-1712
was published
for
farm-haystack
(pip)
Mar 30, 2023
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
Critical
CVE-2023-1177
was published
for
mlflow
(pip)
Mar 24, 2023
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
Critical
CVE-2023-25668
was published
for
tensorflow
(pip)
Mar 24, 2023
weixin-python XML External Entity vulnerability
Critical
CVE-2018-25082
was published
for
weixin-python
(pip)
Mar 21, 2023
CairoSVG improperly processes SVG files loaded from external resources
Critical
CVE-2023-27586
was published
for
CairoSVG
(pip)
Mar 20, 2023
Apache Airflow Google Provider Improper Input Validation vulnerability
Critical
CVE-2023-25691
was published
for
apache-airflow-providers-google
(pip)
Feb 24, 2023
ProTip!
Advisories are also available from the
GraphQL API