Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,444 advisories

Loading
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints Moderate
CVE-2024-35189 was published for ethyca-fides (pip) Jun 2, 2024
adamsachs
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects Moderate
CVE-2024-36112 was published for nautobot (pip) May 29, 2024
rockhopper Buffer Overflow vulnerability Moderate
CVE-2022-4969 was published for rockhopper (pip) May 28, 2024
dbt allows Binding to an Unrestricted IP Address via socketsocket Moderate
CVE-2024-36105 was published for dbt-core (pip) May 28, 2024
ericwb
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Carreau
andrii-i dlqqq yuvipanda
Denial of service in django Moderate
CVE-2011-4137 was published for django (pip) Jul 23, 2018
MarkLee131
XML External Entity (XXE) in Django Moderate
CVE-2013-1665 was published for Django (pip) May 17, 2022
MarkLee131
OpenStack Identity (Keystone) Denial of Service Moderate
CVE-2013-2014 was published for keystone (pip) May 13, 2022
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities Moderate
CVE-2007-0857 was published for moin (pip) May 1, 2022
OpenStack Glance Server-Side Request Forgery (SSRF) Moderate
CVE-2017-7200 was published for glance (pip) May 17, 2022
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library Moderate
CVE-2022-30187 was published for Azure.Storage.Blobs (Maven) Jul 13, 2022
andrewpollock
Django Improper Access Control Moderate
CVE-2007-0405 was published for Django (pip) May 1, 2022
MarkLee131
glance-store logs s3 access keys Moderate
CVE-2024-1141 was published for glance-store (pip) Feb 1, 2024
m3t3kh4n
Django Regex Algorithmic Complexity Causes Denial of Service Moderate
CVE-2009-3695 was published for Django (pip) May 2, 2022
DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value Moderate
CVE-2023-6681 was published for jwcrypto (pip) Dec 28, 2023
Ansible-core information disclosure flaw Moderate
CVE-2024-0690 was published for ansible-core (pip) Feb 6, 2024
Django Cross-site scripting (XSS) vulnerability Moderate
CVE-2008-2302 was published for django (pip) May 1, 2022
MarkLee131
Django cross-site request forgery (CSRF) vulnerability Moderate
CVE-2008-3909 was published for django (pip) May 2, 2022
MarkLee131
Improper query string handling in Django Moderate
CVE-2010-4534 was published for django (pip) Jul 23, 2018
MarkLee131
Improper date handling in Django Moderate
CVE-2010-4535 was published for django (pip) Jul 23, 2018
MarkLee131
XML Entity Expansion (XEE) in Django Moderate
CVE-2013-1664 was published for Django (pip) May 17, 2022
MarkLee131
OMERO.web must check that the JSONP callback is a valid function Moderate
CVE-2024-35180 was published for omero-web (pip) May 21, 2024
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files Moderate
CVE-2024-1727 was published for gradio (pip) May 21, 2024
Duplicate Advisory: Cross-Site Request Forgery in Gradio Moderate
GHSA-3x9g-xfj5-fq84 was published for gradio (pip) Mar 21, 2024 withdrawn
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
ProTip! Advisories are also available from the GraphQL API