GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
76 advisories
Filter by severity
Reverb use after free vulnerability
Moderate
CVE-2024-8375
was published
for
dm-reverb
(pip)
Sep 19, 2024
sqlitedict insecure deserialization vulnerability
High
CVE-2024-35515
was published
for
sqlitedict
(pip)
Sep 18, 2024
LangChain pickle deserialization of untrusted data
Moderate
CVE-2024-5998
was published
for
langchain
(pip)
Sep 17, 2024
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45855
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45854
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45853
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45852
was published
for
mindsdb
(pip)
Sep 12, 2024
Django Tastypie Improper Deserialization of YAML Data
Critical
CVE-2011-4104
was published
for
django-tastypie
(pip)
May 14, 2022
conference-scheduler-cli Arbitrary Code Execution
High
CVE-2018-14572
was published
for
conference-scheduler-cli
(pip)
Oct 29, 2018
Cleanlab Deserialization of Untrusted Data vulnerability
High
CVE-2024-45857
was published
for
cleanlab
(pip)
Sep 12, 2024
Apache Airflow: pickle deserialization vulnerability in XComs
High
CVE-2023-50943
was published
for
apache-airflow
(pip)
Jan 24, 2024
Insecure default config of Celery worker in Apache Airflow
Critical
CVE-2020-11982
was published
for
apache-airflow
(pip)
Jul 27, 2020
Apache Airflow vulnerable arbitrary code execution via Spark server
High
CVE-2023-40195
was published
for
apache-airflow-providers-apache-spark
(pip)
Aug 28, 2023
CoAPthon3 vulnerable to Deserialization of Untrusted Data
High
CVE-2018-12679
was published
for
CoAPthon3
(pip)
Apr 8, 2019
ntlk unsafe deserialization vulnerability
High
CVE-2024-39705
was published
for
nltk
(pip)
Jun 28, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Critical
CVE-2024-2044
was published
for
pgAdmin4
(pip)
Mar 7, 2024
Apache Avro Java SDK vulnerable to Improper Input Validation
High
CVE-2023-39410
was published
for
avro
(Maven)
Sep 29, 2023
ProTip!
Advisories are also available from the
GraphQL API