GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,001
Maven
5,000+
npm
3,713
NuGet
661
pip
3,384
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
427 advisories
Filter by severity
langchain arbitrary code execution vulnerability
Critical
CVE-2023-36258
was published
for
langchain
(pip)
Jul 3, 2023
Vyper negative array index bounds checks
Critical
CVE-2024-24563
was published
for
vyper
(pip)
Feb 7, 2024
Vyper's bounds check on built-in `slice()` function can be overflowed
Critical
CVE-2024-24561
was published
for
vyper
(pip)
Feb 1, 2024
transformers has a Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-6730
was published
for
transformers
(pip)
Dec 19, 2023
Origin Validation Error in rdiffweb
Critical
CVE-2022-3457
was published
for
rdiffweb
(pip)
Oct 14, 2022
PaddlePaddle command injection in convert_shape_compare
Critical
CVE-2023-52314
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in _wget_download
Critical
CVE-2023-52311
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in get_online_pass_interval
Critical
CVE-2023-52310
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Critical
CVE-2023-43791
was published
for
label-studio
(pip)
Nov 9, 2023
WMAgent arbitrary code execution via a crafted dbs-client package
Critical
CVE-2022-34558
was published
for
global-workqueue
(pip)
Jul 29, 2022
exotel-py 0.1.6 includes code execution backdoor inserted by a third party
Critical
CVE-2022-38792
was published
for
exotel
(pip)
Aug 28, 2022
DIRAC's TokenManager does not check permissions on cached tokens
Critical
CVE-2024-24825
was published
for
DIRAC
(pip)
Feb 8, 2024
Apache Airflow vulnerable to Privilege Context Switching Error
Critical
CVE-2023-25754
was published
for
apache-airflow
(pip)
May 8, 2023
xalpha vulnerable to Remote Code Execution
Critical
CVE-2023-37659
was published
for
xalpha
(pip)
Jul 11, 2023
Zope Object Database (ZODB) Arbitrary files reading and deletion
Critical
CVE-2009-2701
was published
for
zodb3
(pip)
May 2, 2022
Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers
Critical
CVE-2009-0668
was published
for
ZODB3
(pip)
May 2, 2022
Inconsistent Interpretation of HTTP Requests in twisted.web
Critical
CVE-2022-24801
was published
for
twisted
(pip)
Apr 4, 2022
Incorrect threshold signature computation in TUF
Critical
CVE-2020-6174
was published
for
tuf
(pip)
Aug 21, 2020
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
Critical
CVE-2018-20060
was published
for
urllib3
(pip)
Dec 12, 2018
Improper Input Validation in Twisted
Critical
CVE-2020-10108
was published
for
Twisted
(pip)
Mar 31, 2020
HTTP Request Smuggling in Twisted
Critical
CVE-2020-10109
was published
for
Twisted
(pip)
Mar 31, 2020
ProTip!
Advisories are also available from the
GraphQL API