Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,112 advisories

Loading
langchain arbitrary code execution vulnerability Critical
CVE-2023-36258 was published for langchain (pip) Jul 3, 2023
Vyper negative array index bounds checks Critical
CVE-2024-24563 was published for vyper (pip) Feb 7, 2024
cyberthirst iFrostizz
Vyper's bounds check on built-in `slice()` function can be overflowed Critical
CVE-2024-24561 was published for vyper (pip) Feb 1, 2024
zobront kuroi8
transformers has a Deserialization of Untrusted Data vulnerability Critical
CVE-2023-6730 was published for transformers (pip) Dec 19, 2023
Patchelf out-of-bounds read Critical
CVE-2022-44940 was published for patchelf (pip) Dec 20, 2022
Missing rate limit on rdiffweb Critical
CVE-2022-3439 was published for rdiffweb (pip) Oct 14, 2022
Origin Validation Error in rdiffweb Critical
CVE-2022-3457 was published for rdiffweb (pip) Oct 14, 2022
PaddlePaddle command injection in convert_shape_compare Critical
CVE-2023-52314 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in _wget_download Critical
CVE-2023-52311 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in get_online_pass_interval Critical
CVE-2023-52310 was published for PaddlePaddle (pip) Jan 3, 2024
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens Critical
CVE-2023-43791 was published for label-studio (pip) Nov 9, 2023
alex-elttam Robbilie
WMAgent arbitrary code execution via a crafted dbs-client package Critical
CVE-2022-34558 was published for global-workqueue (pip) Jul 29, 2022
exotel-py 0.1.6 includes code execution backdoor inserted by a third party Critical
CVE-2022-38792 was published for exotel (pip) Aug 28, 2022
DIRAC's TokenManager does not check permissions on cached tokens Critical
CVE-2024-24825 was published for DIRAC (pip) Feb 8, 2024
chaen aldbr
chrisburr
Backdoor in api-res-py Critical
CVE-2022-31313 was published for api-res-py (pip) Jun 9, 2022
Grafana plugin SDK Information Leakage Critical
CVE-2024-8986 was published for github.com/grafana/grafana-plugin-sdk-go (Go) Sep 19, 2024
.NET Remote Code Execution Vulnerability Critical
CVE-2024-43498 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024
matt-phylum
Apache Airflow vulnerable to Privilege Context Switching Error Critical
CVE-2023-25754 was published for apache-airflow (pip) May 8, 2023
xalpha vulnerable to Remote Code Execution Critical
CVE-2023-37659 was published for xalpha (pip) Jul 11, 2023
Zope Object Database (ZODB) Arbitrary files reading and deletion Critical
CVE-2009-2701 was published for zodb3 (pip) May 2, 2022
Code injection in ymlref Critical
CVE-2018-20133 was published for ymlref (pip) Dec 19, 2018
OS Command Injection in gogs Critical
CVE-2022-1884 was published for gogs.io/gogs (Go) Jun 2, 2022
1135
Apache Tomcat - Authentication Bypass Critical
CVE-2024-52316 was published for org.apache.tomcat:tomcat-catalina (Maven) Nov 18, 2024
Inconsistent Interpretation of HTTP Requests in twisted.web Critical
CVE-2022-24801 was published for twisted (pip) Apr 4, 2022
zeyu2001 twm
exarkun
ProTip! Advisories are also available from the GraphQL API