Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

365 advisories

Loading
Apache Airflow Sqoop Provider Improper Input Validation vulnerability Critical
CVE-2023-25693 was published for apache-airflow-providers-apache-sqoop (pip) Feb 24, 2023
Apache Airflow Google Provider Improper Input Validation vulnerability Critical
CVE-2023-25691 was published for apache-airflow-providers-google (pip) Feb 24, 2023
Authentication Bypass in modoboa Critical
CVE-2023-0777 was published for modoboa (pip) Feb 10, 2023
Header injection in TurboGears Critical
CVE-2019-25101 was published for TurboGears (pip) Feb 4, 2023
Excessive Attack Surface in pyload-ng Critical
CVE-2023-0435 was published for pyload-ng (pip) Jan 23, 2023
Command Injection in Apache Airflow and Apache Airflow MySQL Provider Critical
CVE-2023-22884 was published for apache-airflow (pip) Jan 21, 2023
Code Injection in pyload-ng Critical
CVE-2023-0297 was published for pyload-ng (pip) Jan 14, 2023
rdiffweb Improper Access Control vulnerability Critical
CVE-2022-4724 was published for rdiffweb (pip) Dec 27, 2022
Apache Airflow Hive Provider vulnerable to Command Injection Critical
CVE-2022-46421 was published for apache-airflow-providers-apache-hive (pip) Dec 20, 2022
Improper Privilege Management in rdiffweb Critical
CVE-2022-4314 was published for rdiffweb (pip) Dec 12, 2022
PaddlePaddle Out-of-bounds Read vulnerability Critical
CVE-2022-46741 was published for paddlepaddle (pip) Dec 7, 2022
PaddlePaddle vulnerable to Code Injection Critical
CVE-2022-46742 was published for PaddlePaddle (pip) Dec 7, 2022
py7zr directory traversal vulnerability Critical
CVE-2022-44900 was published for py7zr (pip) Dec 6, 2022
PyTorch vulnerable to arbitrary code execution Critical
CVE-2022-45907 was published for torch (pip) Nov 26, 2022
WilliamsCJ
PaddlePaddle vulnerable to code injection via winstr Critical
CVE-2022-45908 was published for paddlepaddle (pip) Nov 26, 2022
wger vulnerable to brute force attempts Critical
CVE-2022-2650 was published for wger (pip) Nov 24, 2022
OS Command Injection in Apache Airflow Critical
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
sunSUNQ
OS Command Injection in Apache Airflow Critical
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
rdiffweb vulnerable to Insufficient Session Expiration Critical
CVE-2022-3362 was published for rdiffweb (pip) Nov 15, 2022
acryl-datahub missing JWT signature check Critical
CVE-2022-39366 was published for acryl-datahub (pip) Oct 31, 2022
artsploit pwntester
sylwia-budzynska p- Kwstubbs jorgectf
Rdiffweb subject to Business Logic Errors Critical
CVE-2022-3363 was published for rdiffweb (pip) Oct 27, 2022
Duplicate Advisory: Improper Restriction of XML External Entity Reference in pikepdf Critical
CVE-2021-46849 was published for pikepdf (pip) Oct 24, 2022 withdrawn
Rdiffweb is missing authentication for critical function Critical
CVE-2022-3327 was published for rdiffweb (pip) Oct 20, 2022
Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control Critical
CVE-2022-37298 was published for Shinken (pip) Oct 20, 2022
Missing rate limit on rdiffweb Critical
CVE-2022-3439 was published for rdiffweb (pip) Oct 14, 2022
ProTip! Advisories are also available from the GraphQL API