
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.

1,001 advisories

Potential buffer overflow in CBOR2 decoder High
CVE-2024-26134 was published for cbor2 (pip) Feb 21, 2024
Credits: miri64
Improper Certificate Validation in apache airflow mongo hook High
CVE-2024-25141 was published for apache-airflow-providers-mongo (pip) Feb 20, 2024
Cross-site Scripting in Pyhtml2pdf High
CVE-2024-1647 was published for pyhtml2pdf (pip) Feb 20, 2024
Scrapy decompression bomb vulnerability High
CVE-2024-3572 was published for scrapy (pip) Feb 16, 2024
Credits: dmandefy
Scrapy authorization header leakage on cross-domain redirect High
CVE-2024-3574 was published for scrapy (pip) Feb 15, 2024
Credits: ranjit-git
Scrapy vulnerable to ReDoS via XMLFeedSpider High
CVE-2024-1892 was published for scrapy (pip) Feb 15, 2024
Credits: nicecatch2000
python-multipart vulnerable to Content-Type Header ReDoS High
CVE-2024-24762 was published for fastapi (pip) Feb 12, 2024
Credits: nicecatch2000, Kludex
Kinto Attachment's attachments can be replaced on read-only records High
CVE-2024-1314 was published for kinto-attachment (pip) Feb 8, 2024
Credits: Standard8, fkiriakos07, leplatrem
Allegro AI ClearML path traversal vulnerability High
CVE-2024-24591 was published for clearml (pip) Feb 6, 2024
Allegro AI ClearML vulnerable to deserialization of untrusted data High
CVE-2024-24590 was published for clearml (pip) Feb 6, 2024
Gradio Path Traversal vulnerability High
CVE-2024-0964 was published for gradio (pip) Feb 6, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack High
CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024
Duplicate Advisory: FastAPI Content-Type Header ReDoS High
GHSA-qf9m-vfgh-m389 was published for fastapi (pip) Feb 5, 2024 withdrawn
Credits: nicecatch2000, huonw, garyd203, levpachmanov
Duplicate Advisory: Starlette Content-Type Header ReDoS High
GHSA-93gm-qmq6-w238 was published for starlette (pip) Feb 5, 2024 withdrawn
Credits: tiangolo, nicecatch2000
vantage6 remote code execution vulnerability High
CVE-2024-21649 was published for vantage6 (pip) Jan 30, 2024
Apache Airflow: pickle deserialization vulnerability in XComs High
CVE-2023-50943 was published for apache-airflow (pip) Jan 24, 2024
Cross-site Scripting Vulnerability on Avatar Upload High
CVE-2023-47115 was published for label-studio (pip) Jan 24, 2024
Credits: alex-elttam
XSS potential in rendered Markdown fields (comments, description, notes, etc.) High
CVE-2024-23345 was published for nautobot (pip) Jan 23, 2024
Credits: Kircheneer
Minerva timing attack on P-256 in python-ecdsa High
CVE-2024-23342 was published for ecdsa (pip) Jan 22, 2024
Credits: tomato42
Code execution in metagpt High
CVE-2024-23750 was published for metagpt (pip) Jan 22, 2024
Arbitrary Code Execution in Pillow High
CVE-2023-50447 was published for Pillow (pip) Jan 19, 2024
JupyterLab vulnerable to potential authentication and CSRF tokens leak High
CVE-2024-22421 was published for jupyterlab (pip) Jan 19, 2024
Credits: davwwwx
concat built-in can corrupt memory in vyper High
CVE-2024-22419 was published for vyper (pip) Jan 19, 2024
Credits: cyberthirst, kuroi8
Unsecured endpoints in the jupyter-lsp server extension High
CVE-2024-22415 was published for jupyter-lsp (pip) Jan 18, 2024
Cross-Frame Scripting vulnerability has been found on Plone CMS High
CVE-2024-0669 was published for Plone (pip) Jan 18, 2024
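The listing above is rendered as rows (a title line ending in the severity badge, an identifier line, and an optional line of credited reporters) with no machine-readable form. The following Python script is an added example, not code from the GitHub Advisory Database or any GitHub tooling: it parses a constructed sample copied from a few of the entries above, indexes the advisories by package (dropping withdrawn duplicates), and flags which lines of a constructed `pip freeze` output name a package that has an advisory in the list. The listing carries no affected-version ranges, so a hit here means "open the advisory and compare against its version range", not "installed version is vulnerable"; the sample installed packages and versions are invented for the demonstration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: five entries copied verbatim from the listing above, in the
# page's own layout (title + severity badge, identifier line, optional credits).
SAMPLE_LISTING = """\
Potential buffer overflow in CBOR2 decoder High
CVE-2024-26134 was published for cbor2 (pip) Feb 21, 2024
miri64
Scrapy authorization header leakage on cross-domain redirect High
CVE-2024-3574 was published for scrapy (pip) Feb 15, 2024
ranjit-git
Scrapy vulnerable to ReDoS via XMLFeedSpider High
CVE-2024-1892 was published for scrapy (pip) Feb 15, 2024
nicecatch2000
Duplicate Advisory: FastAPI Content-Type Header ReDoS High
GHSA-qf9m-vfgh-m389 was published for fastapi (pip) Feb 5, 2024 withdrawn
nicecatch2000 huonw
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack High
CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024
"""

# Constructed `pip freeze` output; names and versions are invented for the demo.
INSTALLED = ["cbor2==5.5.1", "Scrapy==2.11.0", "requests==2.31.0", "fastapi==0.109.0"]

SEVERITIES = ("Critical", "High", "Moderate", "Low")

# Identifier line: CVE or GHSA id, package, ecosystem, publication date, optional "withdrawn".
ID_LINE = re.compile(
    r"^(?P<id>CVE-\d{4}-\d{4,}|GHSA-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}) "
    r"was published for (?P<package>\S+) \((?P<ecosystem>[^)]+)\) "
    r"(?P<date>[A-Z][a-z]{2} \d{1,2}, \d{4})(?P<withdrawn> withdrawn)?$"
)


@dataclass
class Advisory:
    identifier: str
    summary: str
    severity: str
    package: str
    ecosystem: str
    published: str
    withdrawn: bool
    credits: list = field(default_factory=list)


def split_severity(title_line):
    """Separate the trailing severity badge from the advisory title."""
    head, _, tail = title_line.rpartition(" ")
    return (head, tail) if tail in SEVERITIES else (title_line, "unknown")


def parse_listing(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    id_rows = [i for i, ln in enumerate(lines) if ID_LINE.match(ln)]
    advisories = []
    for n, i in enumerate(id_rows):
        if i == 0:
            continue  # identifier line with no title before it: malformed, skip
        m = ID_LINE.match(lines[i])
        summary, severity = split_severity(lines[i - 1])
        # Credit lines sit between this identifier line and the next entry's title.
        next_title = id_rows[n + 1] - 1 if n + 1 < len(id_rows) else len(lines)
        credits = []
        for ln in lines[i + 1:next_title]:
            credits.extend(c for c in re.split(r"[\s,]+", ln.removeprefix("Credits:")) if c)
        advisories.append(Advisory(
            identifier=m["id"], summary=summary, severity=severity,
            package=m["package"], ecosystem=m["ecosystem"], published=m["date"],
            withdrawn=bool(m["withdrawn"]), credits=credits,
        ))
    return advisories


def normalize(name):
    """PEP 503 name normalisation so 'Pillow' and 'pillow' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def by_package(advisories, include_withdrawn=False):
    index = defaultdict(list)
    for adv in advisories:
        if adv.withdrawn and not include_withdrawn:
            continue  # withdrawn entries are duplicates of another advisory
        index[normalize(adv.package)].append(adv)
    return dict(index)


def packages_needing_review(installed, advisories):
    """Map each installed package that has a live advisory to the advisory ids.

    A hit is a triage prompt only: the listing has no version ranges, so the
    advisory itself must be checked against the installed version.
    """
    index = by_package(advisories)
    hits = {}
    for line in installed:
        name = re.split(r"==|>=|<=|~=|!=|===", line.strip(), maxsplit=1)[0]
        key = normalize(name)
        if key in index:
            hits[name] = [adv.identifier for adv in index[key]]
    return hits


if __name__ == "__main__":
    advs = parse_listing(SAMPLE_LISTING)
    for adv in advs:
        print(f"{adv.identifier:20} {adv.severity:8} {adv.package:12} withdrawn={adv.withdrawn}")
    print("needs review:", packages_needing_review(INSTALLED, advs))
```

For a real check, take the affected ranges from each advisory (for example via the GraphQL `securityVulnerabilities` query's `vulnerableVersionRange`) or run a tool such as pip-audit, which does that comparison against the same database.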
Advisories are also available from the GraphQL API.