Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

435 advisories

Loading
langchain Code Injection vulnerability Critical
CVE-2023-36095 was published for langchain (pip) Aug 5, 2023
MindsDB can be made to not verify SSL certificates Critical
CVE-2023-38699 was published for MindsDB (pip) Aug 1, 2023
truesoni
Sydent does not verify email server certificates Critical
CVE-2023-38686 was published for matrix-sydent (pip) Jul 31, 2023
Command injection in PaddlePaddle Critical
CVE-2023-38673 was published for paddlepaddle (pip) Jul 26, 2023
MLflow Path Traversal vulnerability Critical
CVE-2023-3765 was published for mlflow (pip) Jul 19, 2023
postgraas-server vulnerable to SQL injection Critical
CVE-2018-25088 was published for postgraas-server (pip) Jul 18, 2023
xalpha vulnerable to Remote Code Execution Critical
CVE-2023-37659 was published for xalpha (pip) Jul 11, 2023
Withdrawn: Use after free in SciPy Critical
CVE-2023-29824 was published for scipy (pip) Jul 6, 2023 withdrawn
vin01
langchain vulnerable to arbitrary code execution Critical
CVE-2023-36188 was published for langchain (pip) Jul 6, 2023
langchain arbitrary code execution vulnerability Critical
CVE-2023-36258 was published for langchain (pip) Jul 3, 2023
Apache Airflow Hive Provider Beeline remote code execution with Principal Critical
CVE-2023-35797 was published for apache-airflow-providers-apache-hive (pip) Jul 3, 2023
pipreqs vulnerable to Dependency Confusion Critical
CVE-2023-31543 was published for pipreqs (pip) Jun 30, 2023
fief-server Server-Side Template Injection vulnerability Critical
GHSA-hj8m-9fhf-v7jp was published for fief-server (pip) Jun 23, 2023
rotil
Langchain vulnerable to arbitrary code execution Critical
CVE-2023-34541 was published for langchain (pip) Jun 20, 2023
Langchain OS Command Injection vulnerability Critical
CVE-2023-34540 was published for langchain (pip) Jun 14, 2023
toui allows user-specific variables to be shared between users Critical
CVE-2023-33175 was published for toui (pip) May 24, 2023
Ckan remote code execution and private information access via crafted resource ids Critical
CVE-2023-32321 was published for ckan (pip) May 24, 2023
YoloClin
mlflow Path Traversal vulnerability Critical
CVE-2023-2780 was published for mlflow (pip) May 17, 2023
Apache Airflow vulnerable to Privilege Context Switching Error Critical
CVE-2023-25754 was published for apache-airflow (pip) May 8, 2023
Django bypasses validation when using one form field to upload multiple files Critical
CVE-2023-31047 was published for Django (pip) May 7, 2023
Remote file access vulnerability in `mlflow server` and `mlflow ui` CLIs Critical
GHSA-83fm-w79m-64r5 was published for mlflow (pip) May 1, 2023
Buffer overflow in sponge queue functions Critical
CVE-2022-37454 was published for pysha3 (RubyGems) Apr 26, 2023
Improper Authorization in modoboa Critical
CVE-2023-2227 was published for modoboa (pip) Apr 21, 2023
Apache IoTDB Grafana Connector vulnerable to Improper Authentication Critical
CVE-2023-24831 was published for apache-iotdb (Maven) Apr 17, 2023
Apache Spark vulnerable to Improper Privilege Management Critical
CVE-2023-22946 was published for org.apache.spark:spark-core_2.12 (Maven) Apr 17, 2023
pan3793
ProTip! Advisories are also available from the GraphQL API