Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

518 advisories

Loading
Waitress has request processing race condition in HTTP pipelining with invalid first request Critical
CVE-2024-49768 was published for waitress (pip) Oct 29, 2024
digitalresistor mmerickel
Credited to digitalresistor and mmerickel
LlamaIndex includes an exec call for `import {cls_name}` Critical
CVE-2024-45201 was published for llama-index-core (pip) Aug 22, 2024
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service Critical
CVE-2024-10082 was published for codechecker (pip) Nov 6, 2024
Discookie
Credited to Discookie
PaddlePaddle vulnerable to remote code execution Critical
CVE-2024-0917 was published for paddlepaddle (pip) Mar 7, 2024
PaddlePaddle Path Traversal vulnerability Critical
CVE-2024-0818 was published for paddlepaddle (pip) Mar 7, 2024
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string Critical
CVE-2024-23346 was published for pymatgen (pip) Feb 21, 2024
SteakEnthusiast mkhorton
Credited to SteakEnthusiast and mkhorton
PandasAI interactive prompt function Remote Code Execution (RCE) Critical
CVE-2024-12366 was published for pandasai (pip) Feb 11, 2025
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for apache-submarine (Maven) Jun 12, 2024
Apache Airflow vulnerable to Privilege Context Switching Error Critical
CVE-2023-25754 was published for apache-airflow (pip) May 8, 2023
Apache Airflow Hive Provider Beeline remote code execution with Principal Critical
CVE-2023-35797 was published for apache-airflow-providers-apache-hive (pip) Jul 3, 2023
Withdrawn Advisory: Command injection in Ray Critical
CVE-2024-57000 was published for ray (pip) Feb 12, 2025 withdrawn
python-jose algorithm confusion with OpenSSH ECDSA keys Critical
CVE-2024-33663 was published for python-jose (pip) Apr 26, 2024
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library Critical
CVE-2023-39631 was published for langchain (pip) Sep 1, 2023
eyurtsev
Credited to eyurtsev
Jupyter Server Proxy's Websocket Proxying does not require authentication Critical
CVE-2024-28179 was published for jupyter-server-proxy (pip) Mar 20, 2024
yuvipanda consideRatio
manics minrk krassowski dlqqq eddelbuettel
Credited to yuvipanda, consideRatio, manics, minrk, krassowski, dlqqq, and eddelbuettel
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method Critical
CVE-2023-44467 was published for langchain-experimental (pip) Oct 9, 2023
LTI JupyterHub Authenticator does not properly validate JWT Signature Critical
CVE-2023-25574 was published for jupyterhub-ltiauthenticator (pip) Feb 25, 2025
consideRatio
Credited to consideRatio
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
Credited to dlqqq
Duplicate Advisory: Qiskit allows arbitrary code execution decoding QPY format versions < 13 Critical
GHSA-3pwp-2fqj-6g2p was published for qiskit (pip) Mar 14, 2025 withdrawn
H2O Deserialization of Untrusted Data Vulnerability Critical
CVE-2024-10553 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
AgentScope Deserialization Vulnerability Critical
CVE-2024-8502 was published for agentscope (pip) Mar 20, 2025
AgentScope path traversal vulnerability Critical
CVE-2024-8537 was published for agentscope (pip) Mar 20, 2025
AgentScope path traversal vulnerability in save-workflow Critical
CVE-2024-8551 was published for agentscope (pip) Mar 20, 2025
Aim path traversal in LockManager.release_locks Critical
CVE-2024-8769 was published for aim (pip) Mar 20, 2025
BentoML deserialization vulnerability Critical
CVE-2024-9070 was published for bentoml (pip) Mar 20, 2025
Kedro deserialization vulnerability Critical
CVE-2024-9701 was published for kedro (pip) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database