GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
Apache Avro Java SDK vulnerable to Improper Input Validation
High
CVE-2023-39410
was published
for
avro
(Maven)
Sep 29, 2023
Apache Airflow vulnerable arbitrary code execution via Spark server
High
CVE-2023-40195
was published
for
apache-airflow-providers-apache-spark
(pip)
Aug 28, 2023
autogluon.multimodal vulnerable to unsafe YAML deserialization
High
GHSA-6h2x-4gjf-jc5w
was published
for
autogluon.multimodal
(pip)
Sep 21, 2022
OISF suricata-update unsafely deserializes YAML data
High
CVE-2018-1000167
was published
for
suricata-update
(pip)
May 14, 2022
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
High
CVE-2021-4118
was published
for
pytorch-lightning
(pip)
Jan 6, 2022
Arbitrary code execution due to YAML deserialization
High
CVE-2021-37678
was published
for
tensorflow
(pip)
Aug 25, 2021
Deserialization vulnerability exists in parso
High
CVE-2019-12760
was published
for
parso
(pip)
Jun 13, 2019
•
withdrawn
CoAPthon3 vulnerable to Deserialization of Untrusted Data
High
CVE-2018-12679
was published
for
CoAPthon3
(pip)
Apr 8, 2019
Apache Spark Deserialization of Untrusted Data vulnerability
High
CVE-2017-12612
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
conference-scheduler-cli Arbitrary Code Execution
High
CVE-2018-14572
was published
for
conference-scheduler-cli
(pip)
Oct 29, 2018
ProTip!
Advisories are also available from the
GraphQL API