Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,439 advisories

Loading
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function Moderate
CVE-2024-28102 was published for jwcrypto (pip) Mar 6, 2024
P3ngu1nW
esphome vulnerable to stored Cross-site Scripting in edit configuration file API Moderate
CVE-2024-27287 was published for esphome (pip) Mar 6, 2024
Phone information disclosure vulnerability Moderate
CVE-2024-22889 was published for Plone (pip) Mar 6, 2024
eth-abi is vulnerable to recursive DoS Moderate
GHSA-3qwc-47jf-5rf7 was published for eth-abi (pip) Mar 5, 2024
paulmillr
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users Moderate
CVE-2024-26280 was published for apache-airflow (pip) Mar 1, 2024
oscerd sunSUNQ
Docassemble HTML and javascript injection Moderate
CVE-2024-27290 was published for docassemble.webapp (pip) Feb 29, 2024
richighimi
Docassemble open redirect Moderate
CVE-2024-27291 was published for docassemble.webapp (pip) Feb 29, 2024
richighimi
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
Mezzanine allows attackers to bypass access control mechanisms Moderate
CVE-2024-25169 was published for Mezzanine (pip) Feb 28, 2024
Mezzanine allows attackers to bypass access controls via manipulating the Host header Moderate
CVE-2024-25170 was published for Mezzanine (pip) Feb 28, 2024
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS) Moderate
CVE-2024-27083 was published for Flask-AppBuilder (pip) Feb 28, 2024
chor4o dpgaspar
Apache Superset: Improper authorization validation on dashboards and charts import Moderate
CVE-2024-26016 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper data authorization when creating a new dataset Moderate
CVE-2024-24779 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data Moderate
CVE-2024-24773 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper Neutralization of custom SQL on embedded context Moderate
CVE-2024-24772 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper error handling on alerts Moderate
CVE-2024-27315 was published for apache-superset (pip) Feb 28, 2024
oscerd
ZenML Server Remote Privilege Escalation Vulnerability Moderate
CVE-2024-25723 was published for zenml (pip) Feb 27, 2024
hahwul
diffoscope Path Traversal vulnerability Moderate
CVE-2024-25711 was published for diffoscope (pip) Feb 27, 2024
pretix mishandles file validation Moderate
CVE-2024-27447 was published for pretix (pip) Feb 26, 2024
LangChain Experimental vulnerable to arbitrary code execution Moderate
CVE-2024-27444 was published for langchain-experimental (pip) Feb 26, 2024
Onnx Out-of-bounds Read vulnerability Moderate
CVE-2024-27319 was published for onnx (pip) Feb 23, 2024
iarspider
Gradio apps vulnerable to timing attacks to guess password Moderate
CVE-2024-1729 was published for gradio (pip) Feb 22, 2024
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config Moderate
CVE-2024-26152 was published for label-studio (pip) Feb 22, 2024
isacaya
NoneBot Potential Information Leak in User-Constructed Message Templates Moderate
CVE-2024-21624 was published for nonebot2 (pip) Feb 9, 2024
mnixry
Django denial-of-service attack in the intcomma template filter Moderate
CVE-2024-24680 was published for django (pip) Feb 7, 2024
ProTip! Advisories are also available from the GraphQL API