GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
Eve allows execution of arbitrary code
Critical
CVE-2018-8097
was published
for
eve
(pip)
Jul 12, 2018
django_make_app is vulnerable to Code Injection
Critical
CVE-2017-16764
was published
for
django_make_app
(pip)
Jul 13, 2018
ipycache is vulnerable to Code Injection
Critical
CVE-2019-7539
was published
for
ipycache
(pip)
Mar 25, 2019
Eval injection in Supybot/Limnoria
Critical
CVE-2019-19010
was published
for
limnoria
(pip)
Nov 20, 2019
remote code execution via git repo provider
Critical
CVE-2021-39159
was published
for
binderhub
(pip)
Aug 30, 2021
Code Injection in PyTorch Lightning
Critical
CVE-2022-0845
was published
for
pytorch-lightning
(pip)
Mar 6, 2022
Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers
Critical
CVE-2009-0668
was published
for
ZODB3
(pip)
May 2, 2022
OpenStack Object Storage (swift) Code Injection vulnerability
Critical
CVE-2012-4406
was published
for
swift
(pip)
May 17, 2022
graphite-web is vulnerable to Remote Code Execution
Critical
CVE-2013-5942
was published
for
graphite-web
(pip)
May 17, 2022
graphite-web is vulnerable to Remote Code Execution via renderLocalView function
Critical
CVE-2013-5093
was published
for
graphite-web
(pip)
May 17, 2022
SaltStack Salt Server Side Template Injection
Critical
CVE-2021-25283
was published
for
salt
(pip)
May 24, 2022
joblib vulnerable to arbitrary code execution
Critical
CVE-2022-21797
was published
for
joblib
(pip)
Sep 27, 2022
PaddlePaddle vulnerable to code injection via winstr
Critical
CVE-2022-45908
was published
for
paddlepaddle
(pip)
Nov 26, 2022
GitPython vulnerable to Remote Code Execution due to improper user input validation
Critical
CVE-2022-24439
was published
for
GitPython
(pip)
Dec 6, 2022
PaddlePaddle vulnerable to Code Injection
Critical
CVE-2022-46742
was published
for
paddlepaddle
(pip)
Dec 7, 2022
LangChain vulnerable to code injection
Critical
CVE-2023-29374
was published
for
langchain
(pip)
Apr 5, 2023
Apache Airflow Hive Provider vulnerable to code injection
Critical
CVE-2023-28706
was published
for
apache-airflow-providers-apache-hive
(pip)
Apr 7, 2023
langchain arbitrary code execution vulnerability
Critical
CVE-2023-36258
was published
for
langchain
(pip)
Jul 3, 2023
xalpha vulnerable to Remote Code Execution
Critical
CVE-2023-37659
was published
for
xalpha
(pip)
Jul 11, 2023
langchain Code Injection vulnerability
Critical
CVE-2023-36095
was published
for
langchain
(pip)
Aug 5, 2023
PandasAI vulnerable to arbitrary code execution
Critical
CVE-2023-39661
was published
for
pandasai
(pip)
Aug 15, 2023
ProTip!
Advisories are also available from the
GraphQL API