Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,753
Erlang
35
GitHub Actions
29
Go
2,326
Maven
5,000+
npm
3,956
NuGet
712
pip
3,740
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

58 advisories

Loading
Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store High
CVE-2025-46725 was published for langroid (pip) May 20, 2025
SCH227
Pycel allows code injection via a crafted formula High
CVE-2024-53924 was published for pycel (pip) Apr 17, 2025
LoLLMS Code Injection vulnerability High
CVE-2024-6982 was published for lollms (pip) Mar 20, 2025
Arbitrary Code Execution via Crafted Keras Config for Model Loading High
CVE-2025-1550 was published for keras (pip) Mar 11, 2025
io-no
Duplicate Advisory: Keras arbitrary code execution vulnerability High
GHSA-5478-v2w6-c6q7 was published for keras (pip) Mar 11, 2025 withdrawn
Spacy-LLM Server-Side Template Injection (SSTI) vulnerability High
CVE-2025-25362 was published for spacy-llm (pip) Mar 5, 2025
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution High
CVE-2024-56327 was published for pyrage (pip) Dec 19, 2024
gaby woodruffw
TorchGeo Remote Code Execution Vulnerability High
CVE-2024-49048 was published for torchgeo (pip) Nov 12, 2024
AgentScope uses `eval` High
CVE-2024-48050 was published for agentscope (pip) Nov 5, 2024
sqlitedict insecure deserialization vulnerability High
CVE-2024-35515 was published for sqlitedict (pip) Sep 18, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45851 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45848 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45846 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45850 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45849 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45847 was published for mindsdb (pip) Sep 12, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine High
CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
grmpyninja andres-torres-marroquin
adamsachs daveqnet
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler High
CVE-2024-39877 was published for apache-airflow (pip) Jul 17, 2024
setuptools vulnerable to Command Injection via package URL High
CVE-2024-6345 was published for setuptools (pip) Jul 15, 2024
js2py allows remote code execution High
CVE-2024-28397 was published for js2py (pip) Jun 20, 2024
Langflow remote code execution vulnerability High
CVE-2024-37014 was published for langflow (pip) Jun 10, 2024
MLFlow improper input validation High
CVE-2024-37061 was published for mlflow (pip) Jun 4, 2024
litellm passes untrusted data to `eval` function without sanitization High
CVE-2024-4264 was published for litellm (pip) May 18, 2024
RunGptLLM class in LlamaIndex has a command injection High
CVE-2024-4181 was published for llama-index (pip) May 16, 2024
vantage6 remote code execution vulnerability High
CVE-2024-21649 was published for vantage6 (pip) Jan 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database