GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
Critical
CVE-2024-45053
was published
for
ethyca-fides
(pip)
Sep 4, 2024
Ankitects Anki arbitrary script execution vulnerability
Critical
CVE-2024-26020
was published
for
anki
(pip)
Jul 22, 2024
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Critical
CVE-2024-5980
was published
for
lightning
(pip)
Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely
Critical
CVE-2024-5751
was published
for
litellm
(pip)
Jun 27, 2024
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Critical
CVE-2024-34359
was published
for
llama-cpp-python
(pip)
May 13, 2024
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Critical
CVE-2024-32874
was published
for
frigate
(pip)
May 9, 2024
mlflow vulnerable to Path Traversal
Critical
CVE-2024-3573
was published
for
mlflow
(pip)
Apr 16, 2024
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
Critical
CVE-2024-2952
was published
for
litellm
(pip)
Apr 10, 2024
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Critical
CVE-2024-23346
was published
for
pymatgen
(pip)
Feb 21, 2024
Code Injection in paddlepaddle
Critical
CVE-2024-0521
was published
for
paddlepaddle
(pip)
Jan 20, 2024
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Critical
CVE-2024-22416
was published
for
pyload-ng
(pip)
Jan 19, 2024
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Critical
CVE-2024-21669
was published
for
aries-cloudagent
(pip)
Jan 9, 2024
MLFlow Path Traversal Vulnerability
Critical
CVE-2023-6975
was published
for
mlflow
(pip)
Dec 20, 2023
MLflow Server-Side Request Forgery (SSRF)
Critical
CVE-2023-6974
was published
for
mlflow
(pip)
Dec 20, 2023
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Critical
GHSA-x563-6hqv-26mr
was published
for
ibis-framework
(pip)
Nov 17, 2023
Remote Code Execution due to Full Controled File Write in mlflow
Critical
CVE-2023-6018
was published
for
mlflow
(pip)
Nov 16, 2023
piccolo SQL Injection via named transaction savepoints
Critical
CVE-2023-47128
was published
for
piccolo
(pip)
Nov 12, 2023
PyArrow: Arbitrary code execution when loading a malicious data file
Critical
CVE-2023-47248
was published
for
pyarrow
(pip)
Nov 9, 2023
Heap-based buffer overflow in ZBar
Critical
CVE-2023-40889
was published
for
zbar
(pip)
Aug 29, 2023
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical
CVE-2023-40267
was published
for
GitPython
(pip)
Aug 11, 2023
Apache Spark vulnerable to Improper Privilege Management
Critical
CVE-2023-22946
was published
for
org.apache.spark:spark-core_2.12
(Maven)
Apr 17, 2023
CairoSVG improperly processes SVG files loaded from external resources
Critical
CVE-2023-27586
was published
for
CairoSVG
(pip)
Mar 20, 2023
VNCAuthProxy authentication bypass vulnerability
Critical
CVE-2022-36436
was published
for
vncauthproxy
(pip)
Sep 16, 2022
Path Traversal in django-s3file
Critical
CVE-2022-24840
was published
for
django-s3file
(pip)
Jun 6, 2022
ProTip!
Advisories are also available from the
GraphQL API