GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
54 advisories
Tornado has incomplete validation of cookie attributes
Moderate
GHSA-78cv-mqj4-43f7
was published
for
tornado
(pip)
Mar 11, 2026
Apache Spark vulnerable to Log Injection
Moderate
CVE-2022-31777
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 1, 2022
Ankitects Anki arbitrary script execution vulnerability
High
CVE-2024-26020
was published
for
anki
(pip)
Jul 22, 2024
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters
High
CVE-2025-61773
was published
for
pyload-ng
(pip)
Oct 9, 2025
vault-cli contains possible RCE when reading user-defined data
Moderate
CVE-2021-43837
was published
for
vault-cli
(pip)
Dec 16, 2021
dbt has an implicit override for built-in materializations from installed packages
Low
CVE-2024-40637
was published
for
dbt-core
(pip)
Jul 17, 2024
Langchain SQL Injection vulnerability
Low
CVE-2024-8309
was published
for
langchain
(pip)
Oct 29, 2024
Langchain SQL Injection vulnerability
Critical
CVE-2023-32785
was published
for
langchain
(pip)
Oct 21, 2023
Remote Code Execution in Red Discord Bot
High
CVE-2020-15147
was published
for
Red-DiscordBot
(pip)
Aug 21, 2020
Remote Code Execution in Red Discord Bot
Moderate
CVE-2020-15140
was published
for
Red-DiscordBot
(pip)
Aug 21, 2020
Arbitrary expression injection in Pillow
Critical
CVE-2022-22817
was published
for
Pillow
(pip)
Jan 12, 2022
ProTip!
Advisories are also available from the
GraphQL API