GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
Arbitrary Code Generation
High
CVE-2020-15142
was published
for
openapi-python-client
(pip)
Aug 20, 2020
vault-cli contains possible RCE when reading user-defined data
High
CVE-2021-43837
was published
for
vault-cli
(pip)
Dec 16, 2021
Code injection in `saved_model_cli` in TensorFlow
High
CVE-2022-29216
was published
for
tensorflow
(pip)
May 24, 2022
Remote Code Execution in Red Discord Bot
High
CVE-2020-15147
was published
for
Red-DiscordBot
(pip)
Aug 21, 2020
Code injection in `saved_model_cli`
High
CVE-2021-41228
was published
for
tensorflow
(pip)
Nov 10, 2021
Cobbler is vulnerable to code injection
High
CVE-2010-2235
was published
for
cobbler
(pip)
May 17, 2022
pgadmin4 vulnerable to Code Injection
High
CVE-2022-4223
was published
for
pgadmin4
(pip)
Dec 13, 2022
Improper Control of Generation of Code ('Code Injection') in Azure CLI
High
CVE-2022-39327
was published
for
azure-cli
(pip)
Oct 25, 2022
NYUCCL psiTurk IS vulnerable to Improper Neutralization of Special Elements
High
CVE-2021-4315
was published
for
psiTurk
(pip)
Jan 29, 2023
sqla-yaml-fixtures is vulnerable to Code Injection
High
CVE-2019-3575
was published
for
sqla-yaml-fixtures
(pip)
Jan 4, 2019
Powerline Gitstatus vulnerable to arbitrary code execution
High
CVE-2022-42906
was published
for
powerline-gitstatus
(pip)
Oct 13, 2022
Plone Arbitrary Code Execution via Unsafe Handling of Pickles
High
CVE-2007-5741
was published
for
plone
(pip)
May 1, 2022
Poetry Argument Injection can lead to Local Code Execution
High
CVE-2022-36069
was published
for
poetry
(pip)
Sep 16, 2022
Reportlab vulnerable to remote code execution
High
CVE-2023-33733
was published
for
reportlab
(pip)
Jun 5, 2023
pandasai vulnerable to prompt injection
High
CVE-2023-39660
was published
for
pandasai
(pip)
Aug 21, 2023
ProTip!
Advisories are also available from the
GraphQL API