Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

429 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor in urllib3 Critical
CVE-2018-20060 was published for urllib3 (pip) Dec 12, 2018
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks Critical
CVE-2022-2996 was published for python-scciclient (pip) Sep 2, 2022
WMAgent arbitrary code execution via a crafted dbs-client package Critical
CVE-2022-34558 was published for global-workqueue (pip) Jul 29, 2022
Plone Arbitrary Code Execution via Unsafe Handling of Pickles Critical
CVE-2007-5741 was published for plone (pip) May 1, 2022
exotel-py includes code execution backdoor inserted by a third party Critical
CVE-2022-38792 was published for exotel (pip) Aug 28, 2022
Vanna prompt injection code execution Critical
CVE-2024-5565 was published for vanna (pip) May 31, 2024
Improper Certificate Validation in Twisted Critical
CVE-2019-12855 was published for twisted (pip) Aug 16, 2019
Inconsistent Interpretation of HTTP Requests in twisted.web Critical
CVE-2022-24801 was published for twisted (pip) Apr 4, 2022
zeyu2001 twm
exarkun
HTTP Request Smuggling in Twisted Critical
CVE-2020-10109 was published for Twisted (pip) Mar 31, 2020
Improper Input Validation in Twisted Critical
CVE-2020-10108 was published for Twisted (pip) Mar 31, 2020
langchain arbitrary code execution vulnerability Critical
CVE-2023-36258 was published for langchain (pip) Jul 3, 2023
Vyper negative array index bounds checks Critical
CVE-2024-24563 was published for vyper (pip) Feb 7, 2024
cyberthirst iFrostizz
Vyper's bounds check on built-in `slice()` function can be overflowed Critical
CVE-2024-24561 was published for vyper (pip) Feb 1, 2024
zobront kuroi8
transformers has a Deserialization of Untrusted Data vulnerability Critical
CVE-2023-6730 was published for transformers (pip) Dec 19, 2023
Missing rate limit on rdiffweb Critical
CVE-2022-3439 was published for rdiffweb (pip) Oct 14, 2022
Origin Validation Error in rdiffweb Critical
CVE-2022-3457 was published for rdiffweb (pip) Oct 14, 2022
PaddlePaddle command injection in convert_shape_compare Critical
CVE-2023-52314 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in _wget_download Critical
CVE-2023-52311 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in get_online_pass_interval Critical
CVE-2023-52310 was published for PaddlePaddle (pip) Jan 3, 2024
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens Critical
CVE-2023-43791 was published for label-studio (pip) Nov 9, 2023
alex-elttam Robbilie
DIRAC's TokenManager does not check permissions on cached tokens Critical
CVE-2024-24825 was published for DIRAC (pip) Feb 8, 2024
chaen aldbr
chrisburr
Backdoor in api-res-py Critical
CVE-2022-31313 was published for api-res-py (pip) Jun 9, 2022
Apache Airflow vulnerable to Privilege Context Switching Error Critical
CVE-2023-25754 was published for apache-airflow (pip) May 8, 2023
xalpha vulnerable to Remote Code Execution Critical
CVE-2023-37659 was published for xalpha (pip) Jul 11, 2023
Zope Object Database (ZODB) Arbitrary files reading and deletion Critical
CVE-2009-2701 was published for zodb3 (pip) May 2, 2022
ProTip! Advisories are also available from the GraphQL API