Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

376 advisories

Loading
Django SQL injection vulnerability Critical
CVE-2024-42005 was published for Django (pip) Aug 7, 2024
TorchServe vulnerable to bypass of allowed_urls configuration Critical
CVE-2024-35198 was published for torchserve (pip) Jul 18, 2024
Lektor does not sanitize database path traversal Critical
CVE-2024-28335 was published for Lektor (pip) Mar 27, 2024
LangChain Experimental vulnerable to arbitrary code execution Critical
CVE-2024-27444 was published for langchain-experimental (pip) Feb 26, 2024
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint Critical
CVE-2024-5980 was published for lightning (pip) Jun 27, 2024
awaelchli
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib Critical
GHSA-q5fm-55c2-v6j9 was published for fiona (pip) Jul 16, 2024
Ankitects Anki arbitrary script execution vulnerability Critical
CVE-2024-26020 was published for anki (pip) Jul 22, 2024
bee-san
Keras code injection vulnerability Critical
CVE-2024-3660 was published for keras (pip) Apr 16, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user Critical
CVE-2024-2044 was published for pgAdmin4 (pip) Mar 7, 2024
TheZ3ro
NASA AIT-Core vulnerable to SQL Injection Critical
CVE-2024-35056 was published for ait-core (pip) May 21, 2024
VNCAuthProxy authentication bypass vulnerability Critical
CVE-2022-36436 was published for vncauthproxy (pip) Sep 16, 2022
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
XML Injection in ReportLab Critical
CVE-2019-17626 was published for reportlab (pip) May 24, 2022
GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182 Critical
CVE-2023-50731 was published for mindsdb (pip) Dec 15, 2023
sylwia-budzynska
SaltStack Salt Command Injection in netapi ssh client Critical
CVE-2020-16846 was published for salt (pip) May 24, 2022
python-jwt vulnerable to token forgery with new claims Critical
CVE-2022-39227 was published for python-jwt (pip) Sep 21, 2022
TomTervoort
NASA AIT-Core vulnerable to remote code execution Critical
CVE-2024-35059 was published for ait-core (pip) May 21, 2024
CraftBeerPi 4 allows arbitrary code execution Critical
CVE-2024-3955 was published for cbpi4 (pip) May 2, 2024
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py Critical
CVE-2024-39236 was published for Gradio (pip) Jul 1, 2024
litellm vulnerable to remote code execution based on using eval unsafely Critical
CVE-2024-5751 was published for litellm (pip) Jun 27, 2024
vanna vulnerable to remote code execution caused by prompt injection Critical
CVE-2024-5826 was published for vanna (pip) Jun 27, 2024
Remote Code Execution via path traversal bypass in lollms Critical
CVE-2024-5443 was published for lollms (pip) Jun 22, 2024
PyMySQL SQL Injection vulnerability Critical
CVE-2024-36039 was published for pymysql (pip) May 21, 2024
Vyper negative array index bounds checks Critical
CVE-2024-24563 was published for vyper (pip) Feb 7, 2024
cyberthirst iFrostizz
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management Critical
CVE-2024-5389 was published for lunary (pip) Jun 10, 2024
ProTip! Advisories are also available from the GraphQL API