Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

45 advisories

Loading
Apache Superset vulnerable to Injection Moderate
CVE-2022-43720 was published for apache-superset (pip) Jan 16, 2023
OctoPrint vulnerable to Special Element Injection Moderate
CVE-2022-3607 was published for OctoPrint (pip) Oct 19, 2022
vault-cli contains possible RCE when reading user-defined data High
CVE-2021-43837 was published for vault-cli (pip) Dec 16, 2021
ewjoachim
Remote Code Execution in Red Discord Bot High
CVE-2020-15147 was published for Red-DiscordBot (pip) Aug 21, 2020
Jackenmen
Remote Code Execution in Red Discord Bot High
CVE-2020-15140 was published for Red-DiscordBot (pip) Aug 21, 2020
douglascdev
HTTP response splitting in uvicorn High
CVE-2020-7695 was published for uvicorn (pip) Jul 29, 2020
Apache Spark vulnerable to Log Injection Moderate
CVE-2022-31777 was published for org.apache.spark:spark-core (Maven) Nov 1, 2022
kurt-r2c
Twisted CRLF Injection Moderate
CVE-2019-12387 was published for twisted (pip) Jun 10, 2019
pwntools Server-Side Template Injection (SSTI) vulnerability Critical
CVE-2020-28468 was published for pwntools (pip) Apr 20, 2021
CRLF Injection in pypiserver Moderate
CVE-2019-6802 was published for pypiserver (pip) Jan 30, 2019
tdunlap607
langchain vulnerable to arbitrary code execution Critical
CVE-2023-36188 was published for langchain (pip) Jul 6, 2023
CRLF injection in urllib3 Moderate
CVE-2020-26137 was published for urllib3 (pip) Jun 18, 2021
Sandbox escape via various forms of "format". High
CVE-2023-41039 was published for RestrictedPython (pip) Aug 30, 2023
ankush abhishekg999
d-maurer icemac Quasar0147
PandasAI vulnerable to arbitrary code execution Critical
CVE-2023-39661 was published for pandasai (pip) Aug 15, 2023
SQLFluff users with access to config file, using `libary_path` may call arbitrary python code Moderate
CVE-2023-36830 was published for sqlfluff (pip) Jul 6, 2023
Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration High
CVE-2023-33234 was published for apache-airflow-providers-cncf-kubernetes (pip) Jul 6, 2023
Langchain Server-Side Request Forgery vulnerability High
CVE-2023-32786 was published for langchain (pip) Oct 21, 2023
eyurtsev
Searchor CLI's Search vulnerable to Arbitrary Code using Eval Critical
CVE-2023-43364 was published for searchor (pip) Sep 25, 2023
Langchain SQL Injection vulnerability Critical
CVE-2023-32785 was published for langchain (pip) Oct 21, 2023
pyload Log Injection vulnerability Moderate
CVE-2024-21645 was published for pyload-ng (pip) Jan 8, 2024
PinkDraconian
RCE in TranformGraph().to_dot_graph function High
CVE-2023-41334 was published for astropy (pip) Mar 18, 2024
u32i
Arbitrary expression injection in Pillow Critical
CVE-2022-22817 was published for Pillow (pip) Jan 12, 2022
G-Rath
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument Critical
CVE-2021-3197 was published for salt (pip) May 24, 2022
Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks High
CVE-2017-17516 was published for rtv (pip) May 14, 2022
tqdm CLI arguments injection attack Low
CVE-2024-34062 was published for tqdm (pip) May 3, 2024
CopperEagle
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database