GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
sqlitedict insecure deserialization vulnerability
High
CVE-2024-35515
was published
for
sqlitedict
(pip)
Sep 18, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45851
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45850
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45846
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45848
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45847
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45849
was published
for
mindsdb
(pip)
Sep 12, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
High
CVE-2024-45053
was published
for
ethyca-fides
(pip)
Sep 4, 2024
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
High
CVE-2024-39877
was published
for
apache-airflow
(pip)
Jul 17, 2024
setuptools vulnerable to Command Injection via package URL
High
CVE-2024-6345
was published
for
setuptools
(pip)
Jul 15, 2024
Langflow remote code execution vulnerability
High
CVE-2024-37014
was published
for
langflow
(pip)
Jun 10, 2024
litellm passes untrusted data to `eval` function without sanitization
High
CVE-2024-4264
was published
for
litellm
(pip)
May 18, 2024
RunGptLLM class in LlamaIndex has a command injection
High
CVE-2024-4181
was published
for
llama-index
(pip)
May 16, 2024
vantage6 remote code execution vulnerability
High
CVE-2024-21649
was published
for
vantage6
(pip)
Jan 30, 2024
pandasai vulnerable to prompt injection
High
CVE-2023-39660
was published
for
pandasai
(pip)
Aug 21, 2023
Reportlab vulnerable to remote code execution
High
CVE-2023-33733
was published
for
reportlab
(pip)
Jun 5, 2023
Nautobot vulnerable to remote code execution via Jinja2 template rendering
High
CVE-2023-25657
was published
for
nautobot
(pip)
Feb 22, 2023
NYUCCL psiTurk IS vulnerable to Improper Neutralization of Special Elements
High
CVE-2021-4315
was published
for
psiTurk
(pip)
Jan 29, 2023
pgadmin4 vulnerable to Code Injection
High
CVE-2022-4223
was published
for
pgadmin4
(pip)
Dec 13, 2022
Apache Airflow vulnerable to OS Command Injection via example DAGs
High
CVE-2022-40127
was published
for
apache-airflow
(pip)
Nov 14, 2022
ProTip!
Advisories are also available from the
GraphQL API