Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

48 advisories

Loading
PaddlePaddle vulnerable to code injection via winstr Critical
CVE-2022-45908 was published for paddlepaddle (pip) Nov 26, 2022
Apache Airflow Hive Provider vulnerable to code injection Critical
CVE-2023-28706 was published for apache-airflow-providers-apache-hive (pip) Apr 7, 2023
Code Injection in pyload-ng Critical
CVE-2023-0297 was published for pyload-ng (pip) Jan 14, 2023
PandasAI vulnerable to arbitrary code execution Critical
CVE-2023-39661 was published for pandasai (pip) Aug 15, 2023
Code execution in Embedchain Critical
CVE-2024-23731 was published for embedchain (pip) Jan 21, 2024
Code Injection in paddlepaddle Critical
CVE-2024-0521 was published for paddlepaddle (pip) Jan 20, 2024
OpenStack Object Storage (swift) Code Injection vulnerability Critical
CVE-2012-4406 was published for swift (pip) May 17, 2022
Code execution in pandasai Critical
CVE-2024-23752 was published for pandasai (pip) Jan 22, 2024
PaddlePaddle vulnerable to remote code execution Critical
CVE-2024-0917 was published for paddlepaddle (pip) Mar 7, 2024
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution Critical
CVE-2024-3098 was published for llama-index-core (pip) Apr 10, 2024
vanna vulnerable to remote code execution caused by prompt injection Critical
CVE-2024-5826 was published for vanna (pip) Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely Critical
CVE-2024-5751 was published for litellm (pip) Jun 27, 2024
CraftBeerPi 4 allows arbitrary code execution Critical
CVE-2024-3955 was published for cbpi4 (pip) May 2, 2024
Keras code injection vulnerability Critical
CVE-2024-3660 was published for keras (pip) Apr 16, 2024
LlamaIndex includes an exec call for `import {cls_name}` Critical
CVE-2024-45201 was published for llama-index-core (pip) Aug 22, 2024
remote code execution via git repo provider Critical
CVE-2021-39159 was published for binderhub (pip) Aug 30, 2021
dreyercito rccern
Code Injection in Django Critical
CVE-2014-0472 was published for Django (pip) May 17, 2022
MarkLee131
django_make_app is vulnerable to Code Injection Critical
CVE-2017-16764 was published for django_make_app (pip) Jul 13, 2018
Eve allows execution of arbitrary code Critical
CVE-2018-8097 was published for eve (pip) Jul 12, 2018
graphite-web is vulnerable to Remote Code Execution via renderLocalView function Critical
CVE-2013-5093 was published for graphite-web (pip) May 17, 2022
graphite-web is vulnerable to Remote Code Execution Critical
CVE-2013-5942 was published for graphite-web (pip) May 17, 2022
ipycache is vulnerable to Code Injection Critical
CVE-2019-7539 was published for ipycache (pip) Mar 25, 2019
joblib vulnerable to arbitrary code execution Critical
CVE-2022-21797 was published for joblib (pip) Sep 27, 2022
dawookie
LangChain vulnerable to arbitrary code execution Critical
CVE-2023-38860 was published for langchain (pip) Aug 15, 2023
ProTip! Advisories are also available from the GraphQL API