GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,444 advisories
Filter by severity
scikit-learn sensitive data leakage vulnerability
Moderate
CVE-2024-5206
was published
for
scikit-learn
(pip)
Jun 6, 2024
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
Moderate
CVE-2024-37891
was published
for
urllib3
(pip)
Jun 17, 2024
langchain_experimental Code Execution via Python REPL access
Moderate
CVE-2024-38459
was published
for
langchain-experimental
(pip)
Jun 16, 2024
Denial of service in langchain-community
Moderate
CVE-2024-2965
was published
for
langchain-community
(pip)
Jun 6, 2024
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components
Moderate
GHSA-hjx6-f647-mvf9
was published
for
invenio-communities
(pip)
Jun 12, 2024
WordOps has TOCTOU race condition
Moderate
CVE-2024-34528
was published
for
wordops
(pip)
May 6, 2024
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
Moderate
CVE-2024-32077
was published
for
apache-airflow
(pip)
May 14, 2024
Requests `Session` object does not verify requests after making first request with verify=False
Moderate
CVE-2024-35195
was published
for
requests
(pip)
May 20, 2024
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
Moderate
CVE-2024-34064
was published
for
Jinja2
(pip)
May 6, 2024
Command Injection in pip when used with Mercurial
Moderate
CVE-2023-5752
was published
for
pip
(pip)
Oct 25, 2023
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Moderate
GHSA-w235-7p84-xx57
was published
for
tornado
(pip)
Jun 6, 2024
Arbitrary file deletion in litellm
Moderate
CVE-2024-4888
was published
for
litellm
(pip)
Jun 6, 2024
Server-Side Request Forgery in langchain
Moderate
CVE-2024-3095
was published
for
langchain
(pip)
Jun 6, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Moderate
GHSA-753j-mpmx-qq6g
was published
for
tornado
(pip)
Jun 6, 2024
PyMongo Out-of-bounds Read in the bson module
Moderate
GHSA-cr6f-gf5w-vhrc
was published
for
pymongo
(pip)
Apr 6, 2024
•
withdrawn
Microsoft Common Data Model SDK Denial of Service Vulnerability
Moderate
CVE-2023-36566
was published
for
Microsoft.CommonDataModel.ObjectModel
(Maven)
Oct 10, 2023
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Moderate
CVE-2024-35228
was published
for
wagtail
(pip)
Jun 2, 2024
path traversal vulnerability was identified in the parisneo/lollms-webui
Moderate
CVE-2024-4330
was published
for
lollms
(pip)
Jun 2, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository
Moderate
CVE-2024-3924
was published
for
text-generation
(pip)
Jun 2, 2024
ProTip!
Advisories are also available from the
GraphQL API