Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

501 advisories

Loading
MLflow Server-Side Request Forgery (SSRF) Critical
CVE-2023-6974 was published for mlflow (pip) Dec 20, 2023
transformers has a Deserialization of Untrusted Data vulnerability Critical
CVE-2023-6730 was published for transformers (pip) Dec 19, 2023
Path traversal in MLflow Critical
CVE-2023-6831 was published for mlflow (pip) Dec 15, 2023
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability Critical
CVE-2023-6572 was published for gradio (pip) Dec 14, 2023
External Control of File Name or Path in h2oai/h2o-3 Critical
CVE-2023-6569 was published for h2o (pip) Dec 14, 2023
Improper Privilege Management in sap-xssec Critical
CVE-2023-50423 was published for sap-xssec (pip) Dec 13, 2023
rosenblueh
Duplicate Advisory: Privilege escalation in sap-xssec Critical
GHSA-p99h-pfg6-qrfg was published for sap-xssec (pip) Dec 12, 2023 withdrawn
SQL injection in Apache Submarine Critical
CVE-2023-37924 was published for apache-submarine (pip) Nov 22, 2023
r3kumar
Deserialization of Untrusted Data in apache-submarine Critical
CVE-2023-46302 was published for apache-submarine (pip) Nov 20, 2023
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file Critical
GHSA-x563-6hqv-26mr was published for ibis-framework (pip) Nov 17, 2023
pitrou
MLflow authentication requirement bypass can allow a user to arbitrarily create an account Critical
CVE-2023-6014 was published for mlflow (pip) Nov 16, 2023
MarkLee131 yoshizawa-masatoshi
Ray Missing Authorization vulnerability Critical
CVE-2023-6020 was published for ray (pip) Nov 16, 2023
cpropps-sysdig
Remote Code Execution due to Full Controled File Write in mlflow Critical
CVE-2023-6018 was published for mlflow (pip) Nov 16, 2023
marco27183 mberges21
MLflow allowed arbitrary files to be PUT onto the server Critical
CVE-2023-6015 was published for mlflow (pip) Nov 16, 2023
Ray Path Traversal vulnerability Critical
CVE-2023-6021 was published for ray (pip) Nov 16, 2023
cpropps-sysdig
Ray OS Command Injection vulnerability Critical
CVE-2023-6019 was published for ray (pip) Nov 16, 2023
cpropps-sysdig
piccolo SQL Injection via named transaction savepoints Critical
CVE-2023-47128 was published for piccolo (pip) Nov 12, 2023
Skelmis
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens Critical
CVE-2023-43791 was published for label-studio (pip) Nov 9, 2023
alex-elttam Robbilie
PyArrow: Arbitrary code execution when loading a malicious data file Critical
CVE-2023-47248 was published for pyarrow (pip) Nov 9, 2023
pitrou r3kumar
transmute-core unsafe YAML deserialization vulnerability Critical
CVE-2023-47204 was published for transmute-core (pip) Nov 2, 2023
josefkorbel r3kumar
Langchain SQL Injection vulnerability Critical
CVE-2023-32785 was published for langchain (pip) Oct 21, 2023
bertuxdeveloper
modoboa Cross-site Scripting vulnerability Critical
CVE-2023-5688 was published for modoboa (pip) Oct 20, 2023
pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency Critical
CVE-2023-45853 was published for pyminizip (pip) Oct 14, 2023
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method Critical
CVE-2023-44467 was published for langchain-experimental (pip) Oct 9, 2023
TorchServe Server-Side Request Forgery vulnerability Critical
CVE-2023-43654 was published for torchserve (pip) Oct 2, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database