GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,444 advisories

langchain vulnerable to path traversal Moderate
CVE-2024-3571 was published for langchain (pip) Apr 16, 2024
Cross-site Scripting (XSS) in mindsdb/mindsdb Moderate
CVE-2024-3575 was published for mindsdb (pip) Apr 16, 2024
zenml Session Fixation vulnerability Moderate
CVE-2024-2260 was published for zenml (pip) Apr 16, 2024
gradio Server-Side Request Forgery vulnerability Moderate
CVE-2024-1183 was published for gradio (pip) Apr 16, 2024
Pydantic regular expression denial of service Moderate
CVE-2024-3772 was published for pydantic (pip) Apr 15, 2024
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack Moderate
CVE-2024-28718 was published for magnum (pip) Apr 12, 2024
Potential DoS via the Tudoor mechanism in eventlet and dnspython Moderate
CVE-2023-29483 was published for dnspython (pip) Apr 11, 2024
PyMongo Out-of-bounds Read in the bson module Moderate
GHSA-cr6f-gf5w-vhrc was published for pymongo (pip) Apr 6, 2024 withdrawn
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check Moderate
CVE-2024-31215 was published for mobsf (pip) Apr 4, 2024
Pillow buffer overflow vulnerability Moderate
CVE-2024-28219 was published for pillow (pip) Apr 3, 2024
Apache Airflow Improper Preservation of Permissions vulnerability Moderate
CVE-2024-29735 was published for apache-airflow (pip) Mar 26, 2024
LangChain's XMLOutputParser vulnerable to XML Entity Expansion Moderate
CVE-2024-1455 was published for langchain-core (pip) Mar 26, 2024
Duplicate Advisory: Cross-Site Request Forgery in Gradio Moderate
GHSA-3x9g-xfj5-fq84 was published for gradio (pip) Mar 21, 2024 withdrawn
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code Moderate
CVE-2024-29032 was published for qiskit-ibm-runtime (pip) Mar 20, 2024
Black vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2024-21503 was published for black (pip) Mar 19, 2024
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings Moderate
CVE-2024-28237 was published for OctoPrint (pip) Mar 18, 2024
Information leakage in YAQL Moderate
CVE-2024-29156 was published for yaql (pip) Mar 18, 2024
Improper Privilege Management in djangorestframework-simplejwt Moderate
CVE-2024-22513 was published for djangorestframework-simplejwt (pip) Mar 16, 2024
vantage6 vulnerable to a username timing attack on recover password/MFA token Moderate
CVE-2024-24770 was published for vantage6 (pip) Mar 15, 2024
vantage6's CORS settings overly permissive Moderate
CVE-2024-23823 was published for vantage6 (pip) Mar 15, 2024
Whoogle Search Cross-site Scripting vulnerability Moderate
CVE-2024-22417 was published for whoogle-search (pip) Mar 14, 2024
Whoogle Search Path Traversal vulnerability Moderate
CVE-2024-22204 was published for whoogle-search (pip) Mar 14, 2024
Apache Airflow: Ignored Airflow Permission Moderate
CVE-2024-28746 was published for apache-airflow (pip) Mar 14, 2024