Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,090 advisories

Loading
Improper line feed handling in zenml Moderate
CVE-2024-4460 was published for zenml (pip) Jun 24, 2024
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-40897 was published for setuptools (pip) Dec 23, 2022
Remote Code Execution via path traversal bypass in lollms Critical
CVE-2024-5443 was published for lollms (pip) Jun 22, 2024
Open redirect in gradio Moderate
CVE-2024-4940 was published for gradio (pip) Jun 22, 2024
PyMySQL SQL Injection vulnerability Critical
CVE-2024-36039 was published for pymysql (pip) May 21, 2024
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection Moderate
CVE-2021-28363 was published for urllib3 (pip) Mar 19, 2021
jalopezsilva pquentin
Apache Avro Java SDK vulnerable to Improper Input Validation High
CVE-2023-39410 was published for avro (Maven) Sep 29, 2023
Improper Input Validation in pip Moderate
CVE-2021-3572 was published for pip (pip) Nov 15, 2021
MLFlow unsafe deserialization High
CVE-2024-37057 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37055 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37058 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37056 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37053 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37052 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37060 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37059 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37054 was published for mlflow (pip) Jun 4, 2024
litios
js2py allows remote code execution High
CVE-2024-28397 was published for js2py (pip) Jun 20, 2024
Apache Superset server arbitrary file read Moderate
CVE-2024-34693 was published for apache-superset (pip) Jun 20, 2024
Vyper negative array index bounds checks Critical
CVE-2024-24563 was published for vyper (pip) Feb 7, 2024
cyberthirst iFrostizz
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
PyMongo Out-of-bounds Read in the bson module Moderate
CVE-2024-5629 was published for pymongo (pip) Jun 5, 2024
Vyper's external calls can overflow return data to return input buffer Low
CVE-2024-24560 was published for vyper (pip) Feb 2, 2024
zobront
ProTip! Advisories are also available from the GraphQL API