GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem (counts as shown at capture time):

Ecosystem | Reviewed advisories
All reviewed | 5,000+
Composer | 3,972
Erlang | 29
GitHub Actions | 16
Go | 1,762
Maven | 4,983
npm | 3,518
NuGet | 609
pip | 3,094
Pub | 10
RubyGems | 833
Rust | 782
Swift | 34

Unreviewed advisories (all ecosystems): 5,000+
39 advisories matched; the first 20 are listed below.
Published | Severity | CVE | Package (ecosystem) | Advisory title
Jul 16, 2019 | Moderate | CVE-2019-1020006 | invenio-app (pip) | Moderate severity vulnerability that affects invenio-app
Jan 16, 2023 | Moderate | CVE-2022-43720 | apache-superset (pip) | Apache Superset vulnerable to Injection
Mar 15, 2022 | High | CVE-2022-21187 | libvcs (pip) | Command injection in libvcs and vcspull
Oct 19, 2022 | Moderate | CVE-2022-3607 | OctoPrint (pip) | OctoPrint vulnerable to Special Element Injection
Mar 26, 2021 | Moderate | CVE-2021-21333 | matrix-synapse (pip) | HTML injection in email and account expiry notifications
Dec 16, 2021 | High | CVE-2021-43837 | vault-cli (pip) | vault-cli contains possible RCE when reading user-defined data
Dec 13, 2021 | High | CVE-2021-43818 | lxml (pip) | lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through
Aug 21, 2020 | High | CVE-2020-15147 | Red-DiscordBot (pip) | Remote Code Execution in Red Discord Bot
Aug 21, 2020 | High | CVE-2020-15140 | Red-DiscordBot (pip) | Remote Code Execution in Red Discord Bot
Dec 9, 2020 | Moderate | CVE-2020-26257 | matrix-synapse (pip) | Denial of service attack via incorrect parameters in Matrix Synapse
Apr 5, 2023 | Critical | CVE-2023-29374 | langchain (pip) | LangChain vulnerable to code injection
May 24, 2022 | Critical | CVE-2014-4678 | ansible (pip) | Ansible Code Injection Vulnerability
Nov 1, 2022 | Moderate | CVE-2022-31777 | org.apache.spark:spark-core (Maven) | Apache Spark vulnerable to Log Injection
Apr 20, 2021 | Critical | CVE-2020-28468 | pwntools (pip) | pwntools Server-Side Template Injection (SSTI) vulnerability
Jul 6, 2023 | Critical | CVE-2023-36188 | langchain (pip) | langchain vulnerable to arbitrary code execution
Aug 30, 2023 | High | CVE-2023-41039 | RestrictedPython (pip) | Sandbox escape via various forms of "format"
Aug 15, 2023 | Critical | CVE-2023-38896 | langchain (pip) | LangChain vulnerable to arbitrary code execution
Aug 15, 2023 | Critical | CVE-2023-39661 | pandasai (pip) | PandasAI vulnerable to arbitrary code execution
Aug 15, 2023 | Critical | CVE-2023-39659 | langchain (pip) | LangChain vulnerable to arbitrary code execution
Jul 6, 2023 | Moderate | CVE-2023-36830 | sqlfluff (pip) | SQLFluff users with access to config file, using `library_path` may call arbitrary python code
Advisories are also available from the GraphQL API.
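The following is an added example, not code from GitHub or from any of the projects listed above, showing how a practitioner would pull the same advisory data programmatically and check an installed version against the returned vulnerable ranges. It assumes the GraphQL `securityVulnerabilities` query with the fields `severity`, `vulnerableVersionRange`, `firstPatchedVersion` and `advisory { ghsaId summary publishedAt identifiers }` as published in the GitHub GraphQL schema docs; verify those names against the current schema before relying on them. The API call needs a token, so the sample response below is constructed inline (placeholder GHSA/CVE values, made-up version ranges) and the range-matching logic runs offline; the version parser is a deliberate simplification that handles only dotted numeric versions, not full PEP 440.

```python
"""Query the GitHub Advisory Database over GraphQL and check an installed
version against vulnerableVersionRange.  Added example; field names are
assumptions based on the public schema, and the sample data is constructed."""
import json
import re
import urllib.request

GRAPHQL_URL = "https://api.github.com/graphql"

# One package in one ecosystem; `ecosystem` is the SecurityAdvisoryEcosystem enum (e.g. PIP, MAVEN).
QUERY = """
query($ecosystem: SecurityAdvisoryEcosystem!, $package: String!) {
  securityVulnerabilities(ecosystem: $ecosystem, package: $package, first: 100) {
    nodes {
      severity
      vulnerableVersionRange
      firstPatchedVersion { identifier }
      advisory { ghsaId summary publishedAt identifiers { type value } }
    }
  }
}
"""


def fetch_vulnerabilities(token, ecosystem, package):
    """Live call (needs network and a token; not exercised offline).
    Returns the list of securityVulnerabilities nodes for the package."""
    body = json.dumps({"query": QUERY,
                       "variables": {"ecosystem": ecosystem, "package": package}}).encode()
    req = urllib.request.Request(
        GRAPHQL_URL, data=body, method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        data = json.load(resp)
    if "errors" in data:
        raise RuntimeError(data["errors"])
    return data["data"]["securityVulnerabilities"]["nodes"]


def parse_version(v):
    """Dotted numeric version -> tuple, trailing zeros dropped so 1.2.0 == 1.2.
    Simplification: a component like '0rc1' is truncated to its leading digits."""
    parts = []
    for piece in v.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


_OPS = {
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b,
}


def in_vulnerable_range(installed, version_range):
    """True when `installed` satisfies every comma-separated clause of a
    GitHub range string such as '>= 0.0.54, < 0.0.131' or '= 2.0.0'."""
    inst = parse_version(installed)
    for clause in version_range.split(","):
        m = re.fullmatch(r"\s*(<=|>=|<|>|=)\s*([\w.]+)\s*", clause)
        if not m:
            raise ValueError(f"unrecognised range clause: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](inst, parse_version(bound)):
            return False
    return True


def affected_advisories(nodes, installed):
    """Reduce API nodes to the advisories whose range covers `installed`."""
    hits = []
    for n in nodes:
        if in_vulnerable_range(installed, n["vulnerableVersionRange"]):
            cves = [i["value"] for i in n["advisory"]["identifiers"] if i["type"] == "CVE"]
            patched = n["firstPatchedVersion"]["identifier"] if n["firstPatchedVersion"] else None
            hits.append({"ghsa": n["advisory"]["ghsaId"], "cves": cves,
                         "severity": n["severity"], "first_patched": patched})
    return hits


# Constructed sample in the assumed response shape.  Identifiers and ranges are
# placeholders for illustration, not the database's real values.
SAMPLE_NODES = [
    {"severity": "CRITICAL", "vulnerableVersionRange": "< 0.0.131",
     "firstPatchedVersion": {"identifier": "0.0.131"},
     "advisory": {"ghsaId": "GHSA-0000-0000-0001", "summary": "constructed entry A",
                  "publishedAt": "2023-01-01T00:00:00Z",
                  "identifiers": [{"type": "GHSA", "value": "GHSA-0000-0000-0001"},
                                  {"type": "CVE", "value": "CVE-0000-00001"}]}},
    {"severity": "HIGH", "vulnerableVersionRange": ">= 0.0.200, < 0.0.250",
     "firstPatchedVersion": {"identifier": "0.0.250"},
     "advisory": {"ghsaId": "GHSA-0000-0000-0002", "summary": "constructed entry B",
                  "publishedAt": "2023-02-01T00:00:00Z",
                  "identifiers": [{"type": "GHSA", "value": "GHSA-0000-0000-0002"}]}},
]

if __name__ == "__main__":
    for v in ("0.0.130", "0.0.220", "0.0.300"):
        print(v, affected_advisories(SAMPLE_NODES, v))
```

To run it against the live database, call `fetch_vulnerabilities(token, "PIP", "langchain")` and pass the result to `affected_advisories` with the version from your lockfile; for production use replace `parse_version` with `packaging.version.Version` so pre-release and post-release tags compare correctly.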