Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

411 advisories

Loading
PaddlePaddle vulnerable to remote code execution Critical
CVE-2024-0917 was published for paddlepaddle (pip) Mar 7, 2024
PaddlePaddle command injection in paddle.utils.download._wget_download Critical
CVE-2024-0815 was published for paddlepaddle (pip) Mar 7, 2024
PaddlePaddle command injection vulnerability Critical
CVE-2024-0817 was published for paddlepaddle (pip) Mar 7, 2024
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID Critical
CVE-2024-25128 was published for Flask-AppBuilder (pip) Feb 28, 2024
parantheses dpgaspar
LangChain Experimental vulnerable to arbitrary code execution Critical
CVE-2024-27444 was published for langchain-experimental (pip) Feb 26, 2024
Improper Certificate Validation in apache airflow mongo hook Critical
CVE-2024-25141 was published for apache-airflow-providers-mongo (pip) Feb 20, 2024
DIRAC's TokenManager does not check permissions on cached tokens Critical
CVE-2024-24825 was published for DIRAC (pip) Feb 8, 2024
chaen aldbr
chrisburr
SQLAlchemyDA unauthenticated arbitrary SQL query execution Critical
CVE-2024-24811 was published for Products.SQLAlchemyDA (pip) Feb 7, 2024
perrinjerome dataflake
Vyper negative array index bounds checks Critical
CVE-2024-24563 was published for vyper (pip) Feb 7, 2024
cyberthirst iFrostizz
Vyper's bounds check on built-in `slice()` function can be overflowed Critical
CVE-2024-24561 was published for vyper (pip) Feb 1, 2024
zobront kuroi8
Deserialization of untrusted data in synthcity Critical
CVE-2024-0937 was published for synthcity (pip) Jan 26, 2024
m3t3kh4n
Cross-site Scripting in Apache superset Critical
CVE-2023-49657 was published for apache-superset (pip) Jan 23, 2024
Code execution in pandasai Critical
CVE-2024-23752 was published for pandasai (pip) Jan 22, 2024
SQL injection in llama-index Critical
CVE-2024-23751 was published for llama-index (pip) Jan 22, 2024
Code execution in Embedchain Critical
CVE-2024-23731 was published for embedchain (pip) Jan 21, 2024
Unsafe yaml deserialization in llama-hub Critical
CVE-2024-23730 was published for llama-hub (pip) Jan 21, 2024
r3kumar
Code Injection in paddlepaddle Critical
CVE-2024-0521 was published for paddlepaddle (pip) Jan 20, 2024
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation Critical
CVE-2024-22416 was published for pyload-ng (pip) Jan 19, 2024
PinkDraconian kaydoda
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC Critical
CVE-2024-21669 was published for aries-cloudagent (pip) Jan 9, 2024
dbluhm
PaddlePaddle command injection in get_online_pass_interval Critical
CVE-2023-52310 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in _wget_download Critical
CVE-2023-52311 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in convert_shape_compare Critical
CVE-2023-52314 was published for PaddlePaddle (pip) Jan 3, 2024
MLFlow Path Traversal Vulnerability Critical
CVE-2023-6975 was published for mlflow (pip) Dec 20, 2023
MLflow Server-Side Request Forgery (SSRF) Critical
CVE-2023-6974 was published for mlflow (pip) Dec 20, 2023
ProTip! Advisories are also available from the GraphQL API