GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,802
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,007
Pub
10
RubyGems
830
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Aim Web API vulnerable to Remote Code Execution
Critical
CVE-2024-2195
was published
for
aim
(pip)
Apr 10, 2024
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
Critical
CVE-2024-3098
was published
for
llama-index-core
(pip)
Apr 10, 2024
PaddlePaddle vulnerable to remote code execution
Critical
CVE-2024-0917
was published
for
paddlepaddle
(pip)
Mar 7, 2024
Code execution in Embedchain
Critical
CVE-2024-23731
was published
for
embedchain
(pip)
Jan 21, 2024
Code Injection in paddlepaddle
Critical
CVE-2024-0521
was published
for
paddlepaddle
(pip)
Jan 20, 2024
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
Critical
CVE-2023-39631
was published
for
langchain
(pip)
Sep 1, 2023
langchain vulnerable to arbitrary code execution
Critical
CVE-2023-36281
was published
for
langchain
(pip)
Aug 22, 2023
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-38860
was published
for
langchain
(pip)
Aug 15, 2023
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-38896
was published
for
langchain
(pip)
Aug 15, 2023
PandasAI vulnerable to arbitrary code execution
Critical
CVE-2023-39661
was published
for
pandasai
(pip)
Aug 15, 2023
llama-index vulnerable to arbitrary code execution
Critical
CVE-2023-39662
was published
for
llama-index
(pip)
Aug 15, 2023
langchain Code Injection vulnerability
Critical
CVE-2023-36095
was published
for
langchain
(pip)
Aug 5, 2023
xalpha vulnerable to Remote Code Execution
Critical
CVE-2023-37659
was published
for
xalpha
(pip)
Jul 11, 2023
Apache Airflow Hive Provider vulnerable to code injection
Critical
CVE-2023-28706
was published
for
apache-airflow-providers-apache-hive
(pip)
Apr 7, 2023
LangChain vulnerable to code injection
Critical
CVE-2023-29374
was published
for
langchain
(pip)
Apr 5, 2023
PaddlePaddle vulnerable to Code Injection
Critical
CVE-2022-46742
was published
for
PaddlePaddle
(pip)
Dec 7, 2022
PaddlePaddle vulnerable to code injection via winstr
Critical
CVE-2022-45908
was published
for
paddlepaddle
(pip)
Nov 26, 2022
SaltStack Salt Server Side Template Injection
Critical
CVE-2021-25283
was published
for
salt
(pip)
May 24, 2022
graphite-web is vulnerable to Remote Code Execution
Critical
CVE-2013-5942
was published
for
graphite-web
(pip)
May 17, 2022
graphite-web is vulnerable to Remote Code Execution via renderLocalView function
Critical
CVE-2013-5093
was published
for
graphite-web
(pip)
May 17, 2022
OpenStack Object Storage (swift) Code Injection vulnerability
Critical
CVE-2012-4406
was published
for
swift
(pip)
May 17, 2022
Code Injection in PyTorch Lightning
Critical
CVE-2022-0845
was published
for
pytorch-lightning
(pip)
Mar 6, 2022
remote code execution via git repo provider
Critical
CVE-2021-39159
was published
for
binderhub
(pip)
Aug 30, 2021
ProTip!
Advisories are also available from the
GraphQL API