GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,036 advisories
Filter by severity
langchain arbitrary code execution vulnerability
Critical
CVE-2023-36258
was published
for
langchain
(pip)
Jul 3, 2023
libtaxii Server-Side Request Forgery vulnerability
Critical
CVE-2020-27197
was published
for
libtaxii
(pip)
Apr 30, 2021
Langchain vulnerable to arbitrary code execution
Critical
CVE-2023-34541
was published
for
langchain
(pip)
Jun 20, 2023
Command injection in libvcs and vcspull
Critical
CVE-2022-21187
was published
for
libvcs
(pip)
Mar 15, 2022
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-38896
was published
for
langchain
(pip)
Aug 15, 2023
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-39659
was published
for
langchain
(pip)
Aug 15, 2023
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Critical
CVE-2024-47186
was published
for
filament/infolists
(Composer)
Sep 27, 2024
Koji hub call does not perform correct access checks
Critical
CVE-2018-1002150
was published
for
koji
(pip)
Jul 12, 2018
Improper Restriction of XML External Entity Reference in ladon
Critical
CVE-2019-1010268
was published
for
ladon
(pip)
Jul 26, 2019
langchain Code Injection vulnerability
Critical
CVE-2023-36095
was published
for
langchain
(pip)
Aug 5, 2023
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-38860
was published
for
langchain
(pip)
Aug 15, 2023
python-kerberos vulnerable to KDC spoofing attacks
Critical
CVE-2015-3206
was published
for
kerberos
(pip)
May 14, 2022
Gradio allows users to access arbitrary files
Critical
GHSA-m842-4qm8-7gpq
was published
for
gradio
(pip)
Sep 25, 2024
Heap-based Buffer Overflow in sqlite-vec
Critical
CVE-2024-46488
was published
for
sqlite-vec
(RubyGems)
Sep 25, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
apache-submarine
(Maven)
Jun 12, 2024
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Critical
CVE-2024-47169
was published
for
agnai
(npm)
Sep 26, 2024
Mercurial is vulnerable to shell injection attack
Critical
CVE-2017-1000116
was published
for
mercurial
(pip)
May 13, 2022
Mercurial mishandles integer addition and subtraction
Critical
CVE-2018-13347
was published
for
mercurial
(pip)
May 13, 2022
JGit Improper Input Validation vulnerability
Critical
CVE-2014-9390
was published
for
mercurial
(Maven)
May 17, 2022
HTTP client can manipulate custom HTTP headers that are added by Traefik
Critical
CVE-2024-45410
was published
for
github.com/traefik/traefik
(Go)
Sep 19, 2024
Dragonfly2 has hard coded cyptographic key
Critical
CVE-2023-27584
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 19, 2024
Chaosblade vulnerable to OS command execution
Critical
CVE-2023-47105
was published
for
github.com/chaosblade-io/chaosblade
(Go)
Sep 18, 2024
Mellium allows Authentication Bypass by Spoofing
Critical
CVE-2024-46957
was published
for
mellium.im/xmpp
(Go)
Sep 25, 2024
Mercurial vulnerable to arbitrary code injection
Critical
CVE-2017-17458
was published
for
mercurial
(pip)
May 13, 2022
Undirectional routing wasn't respected in some cases in Mitogen
Critical
CVE-2019-15149
was published
for
mitogen
(pip)
Aug 19, 2019
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API