GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+
225 advisories
Filter by severity
llama-index vulnerable to arbitrary code execution
Critical
CVE-2023-39662
was published
for
llama-index
(pip)
Aug 15, 2023
Eval injection in Supybot/Limnoria
Critical
CVE-2019-19010
was published
for
limnoria
(pip)
Nov 20, 2019
LangChain vulnerable to code injection
Critical
CVE-2023-29374
was published
for
langchain
(pip)
Apr 5, 2023
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
Critical
CVE-2023-39631
was published
for
langchain
(pip)
Sep 1, 2023
langchain vulnerable to arbitrary code execution
Critical
CVE-2023-36281
was published
for
langchain
(pip)
Aug 22, 2023
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-38896
was published
for
langchain
(pip)
Aug 15, 2023
langchain Code Injection vulnerability
Critical
CVE-2023-36095
was published
for
langchain
(pip)
Aug 5, 2023
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-38860
was published
for
langchain
(pip)
Aug 15, 2023
joblib vulnerable to arbitrary code execution
Critical
CVE-2022-21797
was published
for
joblib
(pip)
Sep 27, 2022
ipycache is vulnerable to Code Injection
Critical
CVE-2019-7539
was published
for
ipycache
(pip)
Mar 25, 2019
graphite-web is vulnerable to Remote Code Execution
Critical
CVE-2013-5942
was published
for
graphite-web
(pip)
May 17, 2022
graphite-web is vulnerable to Remote Code Execution via renderLocalView function
Critical
CVE-2013-5093
was published
for
graphite-web
(pip)
May 17, 2022
Eve allows execution of arbitrary code
Critical
CVE-2018-8097
was published
for
eve
(pip)
Jul 12, 2018
django_make_app is vulnerable to Code Injection
Critical
CVE-2017-16764
was published
for
django_make_app
(pip)
Jul 13, 2018
remote code execution via git repo provider
Critical
CVE-2021-39159
was published
for
binderhub
(pip)
Aug 30, 2021
pyload-ng vulnerable to RCE with js2py sandbox escape
Critical
GHSA-r9pp-r4xf-597r
was published
for
pyload-ng
(pip)
Sep 9, 2024
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Critical
CVE-2024-37901
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Jul 31, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
Critical
CVE-2024-45053
was published
for
ethyca-fides
(pip)
Sep 4, 2024
Code injection in stanford-parser
Critical
CVE-2023-39020
was published
for
edu.stanford.nlp:stanford-parser
(Maven)
Jul 28, 2023
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Critical
CVE-2024-39236
was published
for
Gradio
(pip)
Jul 1, 2024
WWBN AVideo Remote Code Execution
Critical
CVE-2024-31819
was published
for
wwbn/avideo
(Composer)
Apr 10, 2024
Remote Code Execution in Apache Dolphinscheduler
Critical
CVE-2023-49109
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
LlamaIndex includes an exec call for `import {cls_name}`
Critical
CVE-2024-45201
was published
for
llama-index-core
(pip)
Aug 22, 2024
Apache Dolphinscheduler Code Injection vulnerability
Critical
CVE-2024-43202
was published
for
org.apache.dolphinscheduler:dolphinscheduler-task-api
(Maven)
Aug 20, 2024
ProTip!
Advisories are also available from the
GraphQL API