GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
432 advisories
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Critical
CVE-2024-22416
was published
for
pyload-ng
(pip)
Jan 19, 2024
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Critical
CVE-2024-21669
was published
for
aries-cloudagent
(pip)
Jan 9, 2024
Improper Privilege Management in sap-xssec
Critical
CVE-2023-50423
was published
for
sap-xssec
(pip)
Dec 13, 2023
SQL injection in Apache Submarine
Critical
CVE-2023-37924
was published
for
apache-submarine
(pip)
Nov 22, 2023
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Critical
GHSA-x563-6hqv-26mr
was published
for
ibis-framework
(pip)
Nov 17, 2023
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
Critical
CVE-2023-6014
was published
for
mlflow
(pip)
Nov 16, 2023
Ray Missing Authorization vulnerability
Critical
CVE-2023-6020
was published
for
ray
(pip)
Nov 16, 2023
Remote Code Execution due to Full Controled File Write in mlflow
Critical
CVE-2023-6018
was published
for
mlflow
(pip)
Nov 16, 2023
Ray OS Command Injection vulnerability
Critical
CVE-2023-6019
was published
for
ray
(pip)
Nov 16, 2023
piccolo SQL Injection via named transaction savepoints
Critical
CVE-2023-47128
was published
for
piccolo
(pip)
Nov 12, 2023
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Critical
CVE-2023-43791
was published
for
label-studio
(pip)
Nov 9, 2023
ProTip!
Advisories are also available from the
GraphQL API