GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Reviewed advisories by ecosystem, as counted at the time of capture:

Ecosystem        Reviewed advisories
All reviewed     5,000+
Composer         3,968
Erlang           29
GitHub Actions   16
Go               1,749
Maven            4,978
npm              3,509
NuGet            609
pip              3,084
Pub              10
RubyGems         832
Rust             782
Swift            34

Unreviewed advisories (all ecosystems): 5,000+

The listing caps totals at "5,000+". The per-ecosystem figures sum to 19,600, but an advisory that covers packages in more than one ecosystem is counted under each, so that sum is not a count of distinct advisories.

1,439 advisories match the current filter: every entry below is a pip package rated Moderate. The 25 most recently published are listed, newest first.
Published   Identifier           Package                 Summary
2024-03-06  CVE-2024-28102       jwcrypto                JWCrypto vulnerable to JWT bomb attack in `deserialize` function
2024-03-06  CVE-2024-27287       esphome                 esphome vulnerable to stored Cross-site Scripting in edit configuration file API
2024-03-06  CVE-2024-22889       Plone                   Phone information disclosure vulnerability
2024-03-05  GHSA-3qwc-47jf-5rf7  eth-abi                 eth-abi is vulnerable to recursive DoS
2024-03-01  CVE-2024-26280       apache-airflow          Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
2024-02-29  CVE-2024-27290       docassemble.webapp      Docassemble HTML and JavaScript injection
2024-02-29  CVE-2024-27291       docassemble.webapp      Docassemble open redirect
2024-02-29  CVE-2024-27906       apache-airflow          Apache Airflow: DAG Code and Import Error Permissions Ignored
2024-02-28  CVE-2024-25169       Mezzanine               Mezzanine allows attackers to bypass access control mechanisms
2024-02-28  CVE-2024-25170       Mezzanine               Mezzanine allows attackers to bypass access controls via manipulating the Host header
2024-02-28  CVE-2024-27083       Flask-AppBuilder        Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
2024-02-28  CVE-2024-26016       apache-superset         Apache Superset: Improper authorization validation on dashboards and charts import
2024-02-28  CVE-2024-24779       apache-superset         Apache Superset: Improper data authorization when creating a new dataset
2024-02-28  CVE-2024-24773       apache-superset         Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
2024-02-28  CVE-2024-24772       apache-superset         Apache Superset: Improper Neutralization of custom SQL on embedded context
2024-02-28  CVE-2024-27315       apache-superset         Apache Superset: Improper error handling on alerts
2024-02-27  CVE-2024-25723       zenml                   ZenML Server Remote Privilege Escalation Vulnerability
2024-02-27  CVE-2024-25711       diffoscope              diffoscope Path Traversal vulnerability
2024-02-26  CVE-2024-27447       pretix                  pretix mishandles file validation
2024-02-26  CVE-2024-27444       langchain-experimental  LangChain Experimental vulnerable to arbitrary code execution
2024-02-23  CVE-2024-27319       onnx                    Onnx Out-of-bounds Read vulnerability
2024-02-22  CVE-2024-1729        gradio                  Gradio apps vulnerable to timing attacks to guess password
2024-02-22  CVE-2024-26152       label-studio            Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
2024-02-09  CVE-2024-21624       nonebot2                NoneBot Potential Information Leak in User-Constructed Message Templates
2024-02-07  CVE-2024-24680       django                  Django denial-of-service attack in the intcomma template filter
Advisories are also available from the GitHub GraphQL API.
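The following script is an added example, not GitHub's own tooling, showing how to pull the same listing programmatically: it queries `securityAdvisories` over the GraphQL API, keeps only the vulnerable packages from one ecosystem, filters by advisory severity client-side, and flattens the result into the columns used above. It assumes a token in the `GITHUB_TOKEN` environment variable and the public schema names `securityAdvisories`, `SecurityAdvisoryEcosystem` (values such as `PIP`, `NPM`, `MAVEN`) and `SecurityAdvisorySeverity` (`LOW`, `MODERATE`, `HIGH`, `CRITICAL`). The embedded `SAMPLE_RESPONSE` is constructed for offline demonstration and does not describe real advisories.

```python
"""Fetch recent GitHub Advisory Database entries for one ecosystem via GraphQL.

Added example (not GitHub's code). Assumes GITHUB_TOKEN in the environment and
the public schema names securityAdvisories / SecurityAdvisoryEcosystem /
SecurityAdvisorySeverity. SAMPLE_RESPONSE below is constructed, not real data.
"""
from __future__ import annotations
import json
import os
import urllib.request
from dataclasses import dataclass

GRAPHQL_URL = "https://api.github.com/graphql"

# Newest advisories first; inside each advisory keep only vulnerable packages from
# one ecosystem. Advisories with nothing in that ecosystem return an empty `nodes`
# list and are dropped client-side, so one page of N advisories can yield < N rows.
QUERY = """
query($first: Int!, $after: String, $ecosystem: SecurityAdvisoryEcosystem!) {
  securityAdvisories(first: $first, after: $after,
                     orderBy: {field: PUBLISHED_AT, direction: DESC}) {
    pageInfo { hasNextPage endCursor }
    nodes {
      ghsaId summary severity publishedAt
      identifiers { type value }
      vulnerabilities(first: 10, ecosystem: $ecosystem) {
        nodes { package { name ecosystem } vulnerableVersionRange
                firstPatchedVersion { identifier } }
      }
    }
  }
}
"""


@dataclass(frozen=True)
class Row:
    published: str   # YYYY-MM-DD
    identifier: str  # CVE id when the advisory has one, otherwise its GHSA id
    severity: str
    package: str
    summary: str


def flatten(payload: dict, ecosystem: str, severities: set[str] | None = None) -> list[Row]:
    """One row per (advisory, package), like the listing; several vulnerable
    version ranges for the same package collapse into a single row."""
    rows, seen = [], set()
    for adv in payload["data"]["securityAdvisories"]["nodes"]:
        if severities and adv["severity"] not in severities:
            continue
        cves = [i["value"] for i in adv["identifiers"] if i["type"] == "CVE"]
        ident = cves[0] if cves else adv["ghsaId"]
        for vuln in adv["vulnerabilities"]["nodes"]:
            pkg = vuln["package"]
            key = (adv["ghsaId"], pkg["name"])
            if pkg["ecosystem"] != ecosystem or key in seen:  # ecosystem check is defensive
                continue
            seen.add(key)
            rows.append(Row(adv["publishedAt"][:10], ident, adv["severity"],
                            pkg["name"], adv["summary"]))
    return rows


def fetch_page(token: str, ecosystem: str, first: int = 50, after: str | None = None) -> dict:
    body = json.dumps({"query": QUERY, "variables": {
        "first": first, "after": after, "ecosystem": ecosystem}}).encode()
    req = urllib.request.Request(GRAPHQL_URL, data=body, headers={
        "Authorization": f"bearer {token}", "Content-Type": "application/json",
        "User-Agent": "advisory-listing-example"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        payload = json.load(resp)
    if payload.get("errors"):  # GraphQL returns schema/permission errors with HTTP 200
        raise RuntimeError(payload["errors"])
    return payload


def recent(token: str, ecosystem: str, want: int = 25,
           severities: set[str] | None = None) -> list[Row]:
    """Follow pageInfo cursors until `want` rows have been collected."""
    rows, after = [], None
    while len(rows) < want:
        payload = fetch_page(token, ecosystem, after=after)
        rows.extend(flatten(payload, ecosystem, severities))
        info = payload["data"]["securityAdvisories"]["pageInfo"]
        if not info["hasNextPage"]:
            break
        after = info["endCursor"]
    return rows[:want]


def render(rows: list[Row]) -> str:
    return "\n".join(f"{r.published}  {r.identifier:<19}  {r.severity:<8}  "
                     f"{r.package:<22}  {r.summary}" for r in rows)


# Constructed response for offline use: fictional packages and identifiers.
SAMPLE_RESPONSE = {"data": {"securityAdvisories": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [
        {"ghsaId": "GHSA-aaaa-bbbb-cccc", "summary": "example-parser recursive DoS",
         "severity": "MODERATE", "publishedAt": "2024-03-06T12:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-aaaa-bbbb-cccc"},
                         {"type": "CVE", "value": "CVE-2024-00001"}],
         "vulnerabilities": {"nodes": [
             {"package": {"name": "example-parser", "ecosystem": "PIP"},
              "vulnerableVersionRange": "< 1.2.0", "firstPatchedVersion": {"identifier": "1.2.0"}},
             {"package": {"name": "example-parser", "ecosystem": "PIP"},
              "vulnerableVersionRange": ">= 2.0.0, < 2.0.3", "firstPatchedVersion": {"identifier": "2.0.3"}}]}},
        {"ghsaId": "GHSA-dddd-eeee-ffff", "summary": "example-web open redirect",
         "severity": "MODERATE", "publishedAt": "2024-03-05T09:30:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-dddd-eeee-ffff"}],
         "vulnerabilities": {"nodes": [
             {"package": {"name": "example-web", "ecosystem": "PIP"},
              "vulnerableVersionRange": "< 0.9", "firstPatchedVersion": None}]}},
        {"ghsaId": "GHSA-gggg-hhhh-iiii", "summary": "example-js prototype pollution",
         "severity": "HIGH", "publishedAt": "2024-03-04T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-gggg-hhhh-iiii"}],
         "vulnerabilities": {"nodes": []}},  # npm-only advisory: server-side filter left nothing
    ]}}}

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")
    rows = (recent(token, "PIP", severities={"MODERATE"}) if token
            else flatten(SAMPLE_RESPONSE, "PIP", {"MODERATE"}))
    print(render(rows))
```

Two points worth knowing before relying on this: the ecosystem filter lives on the nested `vulnerabilities` connection, so pagination is by advisory, not by matching row, which is why `recent` keeps fetching pages until it has enough rows; and the alternative top-level `securityVulnerabilities` query does filter by ecosystem server-side but can only be ordered by `UPDATED_AT`, so it does not reproduce the "newest published" order of the listing above.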