Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

411 advisories

Loading
PyTorch vulnerable to arbitrary code execution Critical
CVE-2022-45907 was published for torch (pip) Nov 26, 2022
WilliamsCJ
Incomplete validation in boosted trees code Critical
CVE-2021-41208 was published for tensorflow (pip) Nov 10, 2021
Langchain SQL Injection vulnerability Critical
CVE-2023-32785 was published for langchain (pip) Oct 21, 2023
bertuxdeveloper
codechecker vulnerable to authentication bypass when using specifically crafted URLs Critical
CVE-2024-10081 was published for codechecker (pip) Nov 6, 2024
Discookie dkrupp
PaddlePaddle vulnerable to Code Injection Critical
CVE-2022-46742 was published for paddlepaddle (pip) Dec 7, 2022
mattberry3
Improper Input Validation in PyYAML Critical
CVE-2020-1747 was published for pyyaml (pip) Apr 20, 2021
tdunlap607 amita-seal
Out of bounds access in tensorflow-lite Critical
CVE-2020-15212 was published for tensorflow (pip) Sep 25, 2020
Waitress has request processing race condition in HTTP pipelining with invalid first request Critical
CVE-2024-49768 was published for waitress (pip) Oct 29, 2024
digitalresistor mmerickel
pyload-ng vulnerable to RCE with js2py sandbox escape Critical
CVE-2024-39205 was published for pyload-ng (pip) Sep 9, 2024
Marven11
Out of bounds write in tensorflow-lite Critical
CVE-2020-15214 was published for tensorflow (pip) Sep 25, 2020
SQLAlchemy vulnerable to SQL injection Critical
CVE-2012-0805 was published for SQLAlchemy (pip) May 14, 2022
OpenStack Swauth object/proxy server writing Auth Token to log file Critical
CVE-2017-16613 was published for swauth (pip) May 17, 2022
SVGlib Vulnerable to XXE Attacks Critical
CVE-2020-10799 was published for svglib (pip) May 6, 2021
Integer Overflow or Wraparound in Google TensorFlow Critical
CVE-2018-7575 was published for tensorflow (pip) Apr 30, 2019
SQLAlchemy is vulnerable to SQL Injection via group_by parameter Critical
CVE-2019-7548 was published for SQLAlchemy (pip) Apr 16, 2019
SQLAlchemy vulnerable to SQL Injection via order_by parameter Critical
CVE-2019-7164 was published for SQLAlchemy (pip) Apr 16, 2019
Deserialization of Untrusted Data in superset Critical
CVE-2018-8021 was published for superset (pip) Nov 9, 2018
Deserialization of Untrusted Data in Tendenci Critical
CVE-2020-14942 was published for tendenci (pip) Jun 18, 2021
Loaded Databook of Tablib prone to python insertion resulting in command execution Critical
CVE-2017-2810 was published for tablib (pip) Jul 13, 2018
splunk-sdk does not properly verify untrusted TLS server certificates Critical
CVE-2019-5729 was published for splunk-sdk (pip) Mar 25, 2019
SaltStack Salt allows compromised salt-minions to impersonate the salt-master Critical
CVE-2017-7893 was published for salt (pip) May 13, 2022
SaltStack Salt Unauthenticated Remote Code Execution Critical
CVE-2020-11651 was published for salt (pip) May 24, 2022
Improper Authentication in requests-kerberos Critical
CVE-2014-8650 was published for requests-kerberos (pip) Mar 10, 2020
Roundup xml-rpc server improper check of property permissions Critical
CVE-2008-1475 was published for roundup (pip) May 1, 2022
anonymous4ACL24
ProTip! Advisories are also available from the GraphQL API