GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
397 advisories
AdaptiveScale LXDUI Hardcoded JWT Secret Key
Critical • CVE-2021-40494 was published for lxdui (pip) • May 24, 2022

Markdown-supplied Shell Command Execution
Critical • CVE-2020-15271 was published for lookatme (pip) • Oct 27, 2020

Improper Privilege Management in sap-xssec
Critical • CVE-2023-50423 was published for sap-xssec (pip) • Dec 13, 2023

document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Critical • CVE-2024-37301 was published for document-merge-service (pip) • Jun 11, 2024

Duplicate Advisory: Privilege escalation in sap-xssec
Critical • GHSA-p99h-pfg6-qrfg was published for sap-xssec (pip) • Dec 12, 2023 • withdrawn

Code-execution backdoor in marcador
Critical • CVE-2022-28470 was published for marcador (pip) • May 9, 2022

LinOTP replay vulnerability with auto resynchronization enabled for TOTP token
Critical • CVE-2019-12887 was published for LinOTP (pip) • May 24, 2022

Lin-CMS-Flask vulnerable to Improper Authentication
Critical • CVE-2020-18698 was published for Lin-CMS (pip) • May 24, 2022

llama-index vulnerable to arbitrary code execution
Critical • CVE-2023-39662 was published for llama-index (pip) • Aug 15, 2023

Eval injection in Supybot/Limnoria
Critical • CVE-2019-19010 was published for limnoria (pip) • Nov 20, 2019

Command injection in LocalStack
Critical • CVE-2021-32090 was published for localstack (pip) • Jun 18, 2021

LangChain vulnerable to code injection
Critical • CVE-2023-29374 was published for langchain (pip) • Apr 5, 2023

Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
Critical • CVE-2023-39631 was published for langchain (pip) • Sep 1, 2023

Langchain OS Command Injection vulnerability
Critical • CVE-2023-34540 was published for langchain (pip) • Jun 14, 2023

langchain vulnerable to arbitrary code execution
Critical • CVE-2023-36281 was published for langchain (pip) • Aug 22, 2023

langchain arbitrary code execution vulnerability
Critical • CVE-2023-36258 was published for langchain (pip) • Jul 3, 2023

libtaxii Server-Side Request Forgery vulnerability
Critical • CVE-2020-27197 was published for libtaxii (pip) • Apr 30, 2021

Langchain vulnerable to arbitrary code execution
Critical • CVE-2023-34541 was published for langchain (pip) • Jun 20, 2023

Command injection in libvcs and vcspull
Critical • CVE-2022-21187 was published for libvcs (pip) • Mar 15, 2022

LangChain vulnerable to arbitrary code execution
Critical • CVE-2023-38896 was published for langchain (pip) • Aug 15, 2023

LangChain vulnerable to arbitrary code execution
Critical • CVE-2023-39659 was published for langchain (pip) • Aug 15, 2023

Koji hub call does not perform correct access checks
Critical • CVE-2018-1002150 was published for koji (pip) • Jul 12, 2018

ProTip! Advisories are also available from the GraphQL API