GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
Code injection in Danijar Definitions
High
CVE-2018-20325
was published
for
definitions
(pip)
Dec 26, 2018
sqla-yaml-fixtures is vulnerable to Code Injection
High
CVE-2019-3575
was published
for
sqla-yaml-fixtures
(pip)
Jan 4, 2019
openapi-python-client Arbitrary Code Generation vulnerability
High
CVE-2020-15142
was published
for
openapi-python-client
(pip)
Aug 20, 2020
Remote Code Execution in Red Discord Bot
High
CVE-2020-15147
was published
for
Red-DiscordBot
(pip)
Aug 21, 2020
Improper Input Validation and Command Injection in Ansible
High
CVE-2021-3583
was published
for
ansible
(pip)
Sep 23, 2021
Cobbler before 3.3.0 allows log poisoning
High
CVE-2021-40323
was published
for
cobbler
(pip)
Oct 5, 2021
Code injection via unsafe YAML loading
High
CVE-2021-43811
was published
for
sockeye
(pip)
Dec 9, 2021
IPython Notebook vulnerable to improper validation of the origin of websocket requests
High
CVE-2014-3429
was published
for
ipython
(pip)
May 14, 2022
OpenStack Swift Unchecked user input in XML responses
High
CVE-2013-2161
was published
for
swift
(pip)
May 14, 2022
Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
High
CVE-2008-6954
was published
for
cobbler
(pip)
May 17, 2022
Cobbler is vulnerable to code injection
High
CVE-2010-2235
was published
for
cobbler
(pip)
May 17, 2022
GramAddict bot uses dependency with reverse tcp backdoor
High
CVE-2020-36245
was published
for
GramAddict
(pip)
May 24, 2022
Code injection in `saved_model_cli` in TensorFlow
High
CVE-2022-29216
was published
for
tensorflow
(pip)
May 24, 2022
Poetry Argument Injection can lead to Local Code Execution
High
CVE-2022-36069
was published
for
poetry
(pip)
Sep 16, 2022
Powerline Gitstatus vulnerable to arbitrary code execution
High
CVE-2022-42906
was published
for
powerline-gitstatus
(pip)
Oct 13, 2022
Improper Control of Generation of Code ('Code Injection') in Azure CLI
High
CVE-2022-39327
was published
for
azure-cli
(pip)
Oct 25, 2022
ProTip!
Advisories are also available from the
GraphQL API