GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,802
Erlang: 29
GitHub Actions: 16
Go: 1,713
Maven: 4,948
npm: 3,477
NuGet: 605
pip: 3,007
Pub: 10
RubyGems: 830
Rust: 774
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
81 advisories
code injection vulnerability exists in the huggingface/text-generation-inference repository
Moderate | CVE-2024-3924 was published for text-generation (pip) | Jun 2, 2024

RunGptLLM class in LlamaIndex has a command injection
High | CVE-2024-4181 was published for llama-index (pip) | May 16, 2024

litellm passes untrusted data to `eval` function without sanitization
High | CVE-2024-4264 was published for litellm (pip) | May 18, 2024

OpenStack Swift Unchecked user input in XML responses
High | CVE-2013-2161 was published for swift (pip) | May 14, 2022

Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers
Moderate | CVE-2009-0668 was published for ZODB3 (pip) | May 2, 2022

IPython Notebook vulnerable to improper validation of the origin of websocket requests
Moderate | CVE-2014-3429 was published for ipython (pip) | May 14, 2022

qlib Deserialization of Untrusted Data vulnerability
Moderate | CVE-2021-23338 was published for pyqlib (pip) | May 24, 2022

GramAddict bot uses dependency with reverse tcp backdoor
High | CVE-2020-36245 was published for GramAddict (pip) | May 24, 2022

SaltStack Salt Server Side Template Injection
Critical | CVE-2021-25283 was published for salt (pip) | May 24, 2022

llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
Critical | CVE-2024-3098 was published for llama-index-core (pip) | Apr 10, 2024

Aim Web API vulnerable to Remote Code Execution
Critical | CVE-2024-2195 was published for aim (pip) | Apr 10, 2024

PaddlePaddle vulnerable to remote code execution
Critical | CVE-2024-0917 was published for paddlepaddle (pip) | Mar 7, 2024

llama-index vulnerable to arbitrary code execution
Critical | CVE-2023-39662 was published for llama-index (pip) | Aug 15, 2023

Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
High | CVE-2008-6954 was published for cobbler (pip) | May 17, 2022

vantage6 remote code execution vulnerability
High | CVE-2024-21649 was published for vantage6 (pip) | Jan 30, 2024

OpenStack Object Storage (swift) Code Injection vulnerability
Critical | CVE-2012-4406 was published for swift (pip) | May 17, 2022

Code Injection in paddlepaddle
Critical | CVE-2024-0521 was published for paddlepaddle (pip) | Jan 20, 2024

Code execution in Embedchain
Critical | CVE-2024-23731 was published for embedchain (pip) | Jan 21, 2024

GitPython vulnerable to Remote Code Execution due to improper user input validation
High | CVE-2022-24439 was published for GitPython (pip) | Dec 6, 2022

Cobbler vulnerable to code injection via unsafe YAML loading
Moderate | CVE-2011-4953 was published for cobbler (pip) | May 17, 2022

Improper Input Validation and Command Injection in Ansible
High | CVE-2021-3583 was published for ansible (pip) | Sep 23, 2021

ProTip! Advisories are also available from the GraphQL API.