Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,064
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,409 advisories

Loading
Clickjacking in zenml Moderate
CVE-2024-2383 was published for zenml (pip) Jun 6, 2024
Improper authorization in zenml Moderate
CVE-2024-2035 was published for zenml (pip) Jun 6, 2024
Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever Moderate
CVE-2024-3095 was published for langchain-community (pip) Jun 6, 2024
eyurtsev
Denial of service in langchain-community Moderate
CVE-2024-2965 was published for langchain (pip) Jun 6, 2024
eyurtsev efriis
PyMongo Out-of-bounds Read in the bson module Moderate
CVE-2024-5629 was published for pymongo (pip) Jun 5, 2024
path traversal vulnerability was identified in the parisneo/lollms-webui Moderate
CVE-2024-4330 was published for lollms (pip) Jun 2, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository Moderate
CVE-2024-3924 was published for text-generation (pip) Jun 2, 2024
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings` Moderate
CVE-2024-35228 was published for wagtail (pip) Jun 2, 2024
engineervix gasman
RealOrangeOne
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints Moderate
CVE-2024-35189 was published for ethyca-fides (pip) Jun 2, 2024
adamsachs
Duplicate Advisory: Apache Superset uncontrolled resource consumption Moderate
CVE-2024-23952 was published for apache-superset (pip) May 30, 2024 withdrawn
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects Moderate
CVE-2024-36112 was published for nautobot (pip) May 29, 2024
rockhopper Buffer Overflow vulnerability Moderate
CVE-2022-4969 was published for rockhopper (pip) May 28, 2024
dbt allows Binding to an Unrestricted IP Address via socketsocket Moderate
CVE-2024-36105 was published for dbt-core (pip) May 28, 2024
ericwb
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Carreau
andrii-i dlqqq yuvipanda
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files Moderate
CVE-2024-1727 was published for gradio (pip) May 21, 2024
OMERO.web must check that the JSONP callback is a valid function Moderate
CVE-2024-35180 was published for omero-web (pip) May 21, 2024
Requests `Session` object does not verify requests after making first request with verify=False Moderate
CVE-2024-35195 was published for requests (pip) May 20, 2024
mikeassel sigmavirus24
nateprewitt
aiosmtpd STARTTLS unencrypted commands injection Moderate
CVE-2024-34083 was published for aiosmtpd (pip) May 20, 2024
Arusekk
MLflow allows low privilege users to delete any artifact Moderate
CVE-2024-4263 was published for mlflow (pip) May 16, 2024
Scrapy allows redirect following in protocols other than HTTP Moderate
GHSA-23j4-mw76-5v7h was published for Scrapy (pip) May 14, 2024
Scrapy's redirects ignoring scheme-specific proxy settings Moderate
GHSA-jm3v-qxmh-hxwv was published for Scrapy (pip) May 14, 2024
Scrapy leaks the authorization header on same-domain but cross-origin redirects Moderate
CVE-2024-1968 was published for Scrapy (pip) May 14, 2024
Szarny
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details Moderate
CVE-2024-32077 was published for apache-airflow (pip) May 14, 2024
Apache Superset Incorrect Authorization vulnerability Moderate
CVE-2024-28148 was published for apache-superset (pip) May 7, 2024
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate
CVE-2024-34064 was published for Jinja2 (pip) May 6, 2024
Ry0taK
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database