GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,439 advisories
Filter by severity
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Moderate
CVE-2024-28718
was published
for
magnum
(pip)
Apr 12, 2024
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Moderate
CVE-2024-3651
was published
for
idna
(pip)
Apr 11, 2024
Potential DoS via the Tudoor mechanism in eventlet and dnspython
Moderate
CVE-2023-29483
was published
for
dnspython
(pip)
Apr 11, 2024
PyMongo Out-of-bounds Read in the bson module
Moderate
GHSA-cr6f-gf5w-vhrc
was published
for
pymongo
(pip)
Apr 6, 2024
•
withdrawn
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
Moderate
CVE-2024-31215
was published
for
mobsf
(pip)
Apr 4, 2024
Pillow buffer overflow vulnerability
Moderate
CVE-2024-28219
was published
for
pillow
(pip)
Apr 3, 2024
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Moderate
CVE-2024-29888
was published
for
saleor
(pip)
Mar 28, 2024
Apache Airflow Improper Preservation of Permissions vulnerability
Moderate
CVE-2024-29735
was published
for
apache-airflow
(pip)
Mar 26, 2024
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
Moderate
CVE-2024-1455
was published
for
langchain-core
(pip)
Mar 26, 2024
Duplicate Advisory: Cross-Site Request Forgery in Gradio
Moderate
GHSA-3x9g-xfj5-fq84
was published
for
gradio
(pip)
Mar 21, 2024
•
withdrawn
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Moderate
CVE-2024-29032
was published
for
qiskit-ibm-runtime
(pip)
Mar 20, 2024
Black vulnerable to Regular Expression Denial of Service (ReDoS)
Moderate
CVE-2024-21503
was published
for
black
(pip)
Mar 19, 2024
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
Moderate
CVE-2024-28237
was published
for
OctoPrint
(pip)
Mar 18, 2024
Improper Privilege Management in djangorestframework-simplejwt
Moderate
CVE-2024-22513
was published
for
djangorestframework-simplejwt
(pip)
Mar 16, 2024
vantage6 vulnerable to a username timing attack on recover password/MFA token
Moderate
CVE-2024-24770
was published
for
vantage6
(pip)
Mar 15, 2024
vantage6's CORS settings overly permissive
Moderate
CVE-2024-23823
was published
for
vantage6
(pip)
Mar 15, 2024
Whoogle Search Cross-site Scripting vulnerability
Moderate
CVE-2024-22417
was published
for
whoogle-search
(pip)
Mar 14, 2024
Whoogle Search Path Traversal vulnerability
Moderate
CVE-2024-22204
was published
for
whoogle-search
(pip)
Mar 14, 2024
Apache Airflow: Ignored Airflow Permission
Moderate
CVE-2024-28746
was published
for
apache-airflow
(pip)
Mar 14, 2024
aiosmtpd vulnerable to SMTP smuggling
Moderate
CVE-2024-27305
was published
for
aiosmtpd
(pip)
Mar 13, 2024
Potential log injection in reset user endpoint in CKAN
Moderate
CVE-2024-27097
was published
for
ckan
(pip)
Mar 13, 2024
LibOSDP RMAC revert to the beginning of the session
Moderate
GHSA-xhjw-7vh5-qxqm
was published
for
libosdp
(pip)
Mar 8, 2024
LibOSDP vulnerable to a null pointer deref in osdp_reply_name
Moderate
GHSA-7945-5mcv-f2pp
was published
for
libosdp
(pip)
Mar 8, 2024
Django MarkdownX Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-2319
was published
for
django-markdownx
(pip)
Mar 8, 2024
ProTip!
Advisories are also available from the
GraphQL API