GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
844
Swift
36
Unreviewed advisories
All unreviewed
5,000+
411 advisories
Filter by severity
PyTorch vulnerable to arbitrary code execution
Critical
CVE-2022-45907
was published
for
torch
(pip)
Nov 26, 2022
Incomplete validation in boosted trees code
Critical
CVE-2021-41208
was published
for
tensorflow
(pip)
Nov 10, 2021
Langchain SQL Injection vulnerability
Critical
CVE-2023-32785
was published
for
langchain
(pip)
Oct 21, 2023
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Critical
CVE-2024-10082
was published
for
codechecker
(pip)
Nov 6, 2024
codechecker vulnerable to authentication bypass when using specifically crafted URLs
Critical
CVE-2024-10081
was published
for
codechecker
(pip)
Nov 6, 2024
PaddlePaddle vulnerable to Code Injection
Critical
CVE-2022-46742
was published
for
paddlepaddle
(pip)
Dec 7, 2022
Improper Input Validation in PyYAML
Critical
CVE-2020-1747
was published
for
pyyaml
(pip)
Apr 20, 2021
Out of bounds access in tensorflow-lite
Critical
CVE-2020-15212
was published
for
tensorflow
(pip)
Sep 25, 2020
Waitress has request processing race condition in HTTP pipelining with invalid first request
Critical
CVE-2024-49768
was published
for
waitress
(pip)
Oct 29, 2024
pyload-ng vulnerable to RCE with js2py sandbox escape
Critical
CVE-2024-39205
was published
for
pyload-ng
(pip)
Sep 9, 2024
Out of bounds write in tensorflow-lite
Critical
CVE-2020-15214
was published
for
tensorflow
(pip)
Sep 25, 2020
SQLAlchemy vulnerable to SQL injection
Critical
CVE-2012-0805
was published
for
SQLAlchemy
(pip)
May 14, 2022
OpenStack Swauth object/proxy server writing Auth Token to log file
Critical
CVE-2017-16613
was published
for
swauth
(pip)
May 17, 2022
Integer Overflow or Wraparound in Google TensorFlow
Critical
CVE-2018-7575
was published
for
tensorflow
(pip)
Apr 30, 2019
SQLAlchemy is vulnerable to SQL Injection via group_by parameter
Critical
CVE-2019-7548
was published
for
SQLAlchemy
(pip)
Apr 16, 2019
SQLAlchemy vulnerable to SQL Injection via order_by parameter
Critical
CVE-2019-7164
was published
for
SQLAlchemy
(pip)
Apr 16, 2019
Deserialization of Untrusted Data in superset
Critical
CVE-2018-8021
was published
for
superset
(pip)
Nov 9, 2018
Deserialization of Untrusted Data in Tendenci
Critical
CVE-2020-14942
was published
for
tendenci
(pip)
Jun 18, 2021
Loaded Databook of Tablib prone to python insertion resulting in command execution
Critical
CVE-2017-2810
was published
for
tablib
(pip)
Jul 13, 2018
splunk-sdk does not properly verify untrusted TLS server certificates
Critical
CVE-2019-5729
was published
for
splunk-sdk
(pip)
Mar 25, 2019
SaltStack Salt allows compromised salt-minions to impersonate the salt-master
Critical
CVE-2017-7893
was published
for
salt
(pip)
May 13, 2022
SaltStack Salt Unauthenticated Remote Code Execution
Critical
CVE-2020-11651
was published
for
salt
(pip)
May 24, 2022
Improper Authentication in requests-kerberos
Critical
CVE-2014-8650
was published
for
requests-kerberos
(pip)
Mar 10, 2020
Roundup xml-rpc server improper check of property permissions
Critical
CVE-2008-1475
was published
for
roundup
(pip)
May 1, 2022
ProTip!
Advisories are also available from the
GraphQL API