GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
411 advisories
Filter by severity
PaddlePaddle vulnerable to remote code execution
Critical
CVE-2024-0917
was published
for
paddlepaddle
(pip)
Mar 7, 2024
PaddlePaddle command injection in paddle.utils.download._wget_download
Critical
CVE-2024-0815
was published
for
paddlepaddle
(pip)
Mar 7, 2024
PaddlePaddle command injection vulnerability
Critical
CVE-2024-0817
was published
for
paddlepaddle
(pip)
Mar 7, 2024
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Critical
CVE-2024-25128
was published
for
Flask-AppBuilder
(pip)
Feb 28, 2024
LangChain Experimental vulnerable to arbitrary code execution
Critical
CVE-2024-27444
was published
for
langchain-experimental
(pip)
Feb 26, 2024
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Critical
CVE-2024-23346
was published
for
pymatgen
(pip)
Feb 21, 2024
Improper Certificate Validation in apache airflow mongo hook
Critical
CVE-2024-25141
was published
for
apache-airflow-providers-mongo
(pip)
Feb 20, 2024
DIRAC's TokenManager does not check permissions on cached tokens
Critical
CVE-2024-24825
was published
for
DIRAC
(pip)
Feb 8, 2024
SQLAlchemyDA unauthenticated arbitrary SQL query execution
Critical
CVE-2024-24811
was published
for
Products.SQLAlchemyDA
(pip)
Feb 7, 2024
Vyper negative array index bounds checks
Critical
CVE-2024-24563
was published
for
vyper
(pip)
Feb 7, 2024
Vyper's bounds check on built-in `slice()` function can be overflowed
Critical
CVE-2024-24561
was published
for
vyper
(pip)
Feb 1, 2024
Deserialization of untrusted data in synthcity
Critical
CVE-2024-0937
was published
for
synthcity
(pip)
Jan 26, 2024
Cross-site Scripting in Apache superset
Critical
CVE-2023-49657
was published
for
apache-superset
(pip)
Jan 23, 2024
SQL injection in llama-index
Critical
CVE-2024-23751
was published
for
llama-index
(pip)
Jan 22, 2024
Code execution in Embedchain
Critical
CVE-2024-23731
was published
for
embedchain
(pip)
Jan 21, 2024
Unsafe yaml deserialization in llama-hub
Critical
CVE-2024-23730
was published
for
llama-hub
(pip)
Jan 21, 2024
Code Injection in paddlepaddle
Critical
CVE-2024-0521
was published
for
paddlepaddle
(pip)
Jan 20, 2024
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Critical
CVE-2024-22416
was published
for
pyload-ng
(pip)
Jan 19, 2024
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Critical
CVE-2024-21669
was published
for
aries-cloudagent
(pip)
Jan 9, 2024
PaddlePaddle command injection in get_online_pass_interval
Critical
CVE-2023-52310
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in _wget_download
Critical
CVE-2023-52311
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in convert_shape_compare
Critical
CVE-2023-52314
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
MLFlow Path Traversal Vulnerability
Critical
CVE-2023-6975
was published
for
mlflow
(pip)
Dec 20, 2023
MLflow Server-Side Request Forgery (SSRF)
Critical
CVE-2023-6974
was published
for
mlflow
(pip)
Dec 20, 2023
ProTip!
Advisories are also available from the
GraphQL API