GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
365 advisories
Filter by severity
Apache Airflow Sqoop Provider Improper Input Validation vulnerability
Critical
CVE-2023-25693
was published
for
apache-airflow-providers-apache-sqoop
(pip)
Feb 24, 2023
Apache Airflow Google Provider Improper Input Validation vulnerability
Critical
CVE-2023-25691
was published
for
apache-airflow-providers-google
(pip)
Feb 24, 2023
Authentication Bypass in modoboa
Critical
CVE-2023-0777
was published
for
modoboa
(pip)
Feb 10, 2023
Header injection in TurboGears
Critical
CVE-2019-25101
was published
for
TurboGears
(pip)
Feb 4, 2023
Excessive Attack Surface in pyload-ng
Critical
CVE-2023-0435
was published
for
pyload-ng
(pip)
Jan 23, 2023
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Critical
CVE-2023-22884
was published
for
apache-airflow
(pip)
Jan 21, 2023
rdiffweb Improper Access Control vulnerability
Critical
CVE-2022-4724
was published
for
rdiffweb
(pip)
Dec 27, 2022
Apache Airflow Hive Provider vulnerable to Command Injection
Critical
CVE-2022-46421
was published
for
apache-airflow-providers-apache-hive
(pip)
Dec 20, 2022
Improper Privilege Management in rdiffweb
Critical
CVE-2022-4314
was published
for
rdiffweb
(pip)
Dec 12, 2022
PaddlePaddle Out-of-bounds Read vulnerability
Critical
CVE-2022-46741
was published
for
paddlepaddle
(pip)
Dec 7, 2022
PaddlePaddle vulnerable to Code Injection
Critical
CVE-2022-46742
was published
for
PaddlePaddle
(pip)
Dec 7, 2022
py7zr directory traversal vulnerability
Critical
CVE-2022-44900
was published
for
py7zr
(pip)
Dec 6, 2022
PyTorch vulnerable to arbitrary code execution
Critical
CVE-2022-45907
was published
for
torch
(pip)
Nov 26, 2022
PaddlePaddle vulnerable to code injection via winstr
Critical
CVE-2022-45908
was published
for
paddlepaddle
(pip)
Nov 26, 2022
wger vulnerable to brute force attempts
Critical
CVE-2022-2650
was published
for
wger
(pip)
Nov 24, 2022
OS Command Injection in Apache Airflow
Critical
CVE-2022-38649
was published
for
apache-airflow
(pip)
Nov 22, 2022
OS Command Injection in Apache Airflow
Critical
CVE-2022-40189
was published
for
apache-airflow
(pip)
Nov 22, 2022
rdiffweb vulnerable to Insufficient Session Expiration
Critical
CVE-2022-3362
was published
for
rdiffweb
(pip)
Nov 15, 2022
acryl-datahub missing JWT signature check
Critical
CVE-2022-39366
was published
for
acryl-datahub
(pip)
Oct 31, 2022
Rdiffweb subject to Business Logic Errors
Critical
CVE-2022-3363
was published
for
rdiffweb
(pip)
Oct 27, 2022
Duplicate Advisory: Improper Restriction of XML External Entity Reference in pikepdf
Critical
CVE-2021-46849
was published
for
pikepdf
(pip)
Oct 24, 2022
•
withdrawn
Rdiffweb is missing authentication for critical function
Critical
CVE-2022-3327
was published
for
rdiffweb
(pip)
Oct 20, 2022
Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control
Critical
CVE-2022-37298
was published
for
Shinken
(pip)
Oct 20, 2022
ProTip!
Advisories are also available from the
GraphQL API