GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
429 advisories
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks
Critical: CVE-2022-2996 was published for python-scciclient (pip), Sep 2, 2022

WMAgent arbitrary code execution via a crafted dbs-client package
Critical: CVE-2022-34558 was published for global-workqueue (pip), Jul 29, 2022

Plone Arbitrary Code Execution via Unsafe Handling of Pickles
Critical: CVE-2007-5741 was published for plone (pip), May 1, 2022

exotel-py includes code execution backdoor inserted by a third party
Critical: CVE-2022-38792 was published for exotel (pip), Aug 28, 2022

Vanna prompt injection code execution
Critical: CVE-2024-5565 was published for vanna (pip), May 31, 2024

Inconsistent Interpretation of HTTP Requests in twisted.web
Critical: CVE-2022-24801 was published for twisted (pip), Apr 4, 2022

Improper Certificate Validation in Twisted
Critical: CVE-2019-12855 was published for twisted (pip), Aug 16, 2019

HTTP Request Smuggling in Twisted
Critical: CVE-2020-10109 was published for Twisted (pip), Mar 31, 2020

Improper Input Validation in Twisted
Critical: CVE-2020-10108 was published for Twisted (pip), Mar 31, 2020

langchain arbitrary code execution vulnerability
Critical: CVE-2023-36258 was published for langchain (pip), Jul 3, 2023

Vyper negative array index bounds checks
Critical: CVE-2024-24563 was published for vyper (pip), Feb 7, 2024

Vyper's bounds check on built-in `slice()` function can be overflowed
Critical: CVE-2024-24561 was published for vyper (pip), Feb 1, 2024

transformers has a Deserialization of Untrusted Data vulnerability
Critical: CVE-2023-6730 was published for transformers (pip), Dec 19, 2023

Origin Validation Error in rdiffweb
Critical: CVE-2022-3457 was published for rdiffweb (pip), Oct 14, 2022

PaddlePaddle command injection in convert_shape_compare
Critical: CVE-2023-52314 was published for PaddlePaddle (pip), Jan 3, 2024

PaddlePaddle command injection in _wget_download
Critical: CVE-2023-52311 was published for PaddlePaddle (pip), Jan 3, 2024

PaddlePaddle command injection in get_online_pass_interval
Critical: CVE-2023-52310 was published for PaddlePaddle (pip), Jan 3, 2024

Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Critical: CVE-2023-43791 was published for label-studio (pip), Nov 9, 2023

DIRAC's TokenManager does not check permissions on cached tokens
Critical: CVE-2024-24825 was published for DIRAC (pip), Feb 8, 2024

Apache Airflow vulnerable to Privilege Context Switching Error
Critical: CVE-2023-25754 was published for apache-airflow (pip), May 8, 2023

xalpha vulnerable to Remote Code Execution
Critical: CVE-2023-37659 was published for xalpha (pip), Jul 11, 2023

Zope Object Database (ZODB) Arbitrary files reading and deletion
Critical: CVE-2009-2701 was published for zodb3 (pip), May 2, 2022

Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers
Critical: CVE-2009-0668 was published for ZODB3 (pip), May 2, 2022

ProTip! Advisories are also available from the GraphQL API.