Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,331
Erlang
31
GitHub Actions
21
Go
2,093
Maven
5,000+
npm
3,756
NuGet
678
pip
3,443
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

432 advisories

Loading
Cross-site Scripting in MLFlow Critical
CVE-2024-27132 was published for mlflow (pip) Feb 24, 2024
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution Critical
CVE-2024-27133 was published for mlflow (pip) Feb 24, 2024
oscerd gabby202308
PaddlePaddle vulnerable to remote code execution Critical
CVE-2024-0917 was published for paddlepaddle (pip) Mar 7, 2024
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service Critical
CVE-2024-10082 was published for codechecker (pip) Nov 6, 2024
Discookie
LlamaIndex includes an exec call for `import {cls_name}` Critical
CVE-2024-45201 was published for llama-index-core (pip) Aug 22, 2024
Waitress has request processing race condition in HTTP pipelining with invalid first request Critical
CVE-2024-49768 was published for waitress (pip) Oct 29, 2024
digitalresistor mmerickel
Sentry's improper authentication on SAML SSO process allows user impersonation Critical
CVE-2025-22146 was published for sentry (pip) Jan 15, 2025
Muhammad-Qasim-Munir
Gradio Blocked Path ACL Bypass Vulnerability Critical
CVE-2025-23042 was published for gradio (pip) Jan 14, 2025
superboy-zjc jackfromeast
Rasa Allows Remote Code Execution via Remote Model Loading Critical
CVE-2024-49375 was published for rasa (pip) Jan 14, 2025
Ray Path Traversal vulnerability Critical
CVE-2023-6021 was published for ray (pip) Nov 16, 2023
cpropps-sysdig
Ray Missing Authorization vulnerability Critical
CVE-2023-6020 was published for ray (pip) Nov 16, 2023
cpropps-sysdig
Ray OS Command Injection vulnerability Critical
CVE-2023-6019 was published for ray (pip) Nov 16, 2023
cpropps-sysdig
Exposure of Sensitive Information to an Unauthorized Actor in urllib3 Critical
CVE-2018-20060 was published for urllib3 (pip) Dec 12, 2018
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks Critical
CVE-2022-2996 was published for python-scciclient (pip) Sep 2, 2022
WMAgent arbitrary code execution via a crafted dbs-client package Critical
CVE-2022-34558 was published for global-workqueue (pip) Jul 29, 2022
Plone Arbitrary Code Execution via Unsafe Handling of Pickles Critical
CVE-2007-5741 was published for plone (pip) May 1, 2022
exotel-py includes code execution backdoor inserted by a third party Critical
CVE-2022-38792 was published for exotel (pip) Aug 28, 2022
Vanna prompt injection code execution Critical
CVE-2024-5565 was published for vanna (pip) May 31, 2024
Inconsistent Interpretation of HTTP Requests in twisted.web Critical
CVE-2022-24801 was published for twisted (pip) Apr 4, 2022
zeyu2001 twm
exarkun
Improper Certificate Validation in Twisted Critical
CVE-2019-12855 was published for twisted (pip) Aug 16, 2019
HTTP Request Smuggling in Twisted Critical
CVE-2020-10109 was published for Twisted (pip) Mar 31, 2020
Improper Input Validation in Twisted Critical
CVE-2020-10108 was published for Twisted (pip) Mar 31, 2020
langchain arbitrary code execution vulnerability Critical
CVE-2023-36258 was published for langchain (pip) Jul 3, 2023
Vyper negative array index bounds checks Critical
CVE-2024-24563 was published for vyper (pip) Feb 7, 2024
cyberthirst iFrostizz
Vyper's bounds check on built-in `slice()` function can be overflowed Critical
CVE-2024-24561 was published for vyper (pip) Feb 1, 2024
zobront kuroi8
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database