Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,076 advisories

Loading
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled High
CVE-2024-32977 was published for OctoPrint (pip) May 14, 2024
jacopotediosi
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details Moderate
CVE-2024-32077 was published for apache-airflow (pip) May 14, 2024
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages High
CVE-2024-34707 was published for nautobot (pip) May 13, 2024
michaelpanorios
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata Critical
CVE-2024-34359 was published for llama-cpp-python (pip) May 13, 2024
retr0reg
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service Critical
CVE-2024-32874 was published for frigate (pip) May 9, 2024
Sim4n6
Apache Superset Incorrect Authorization vulnerability Moderate
CVE-2024-28148 was published for apache-superset (pip) May 7, 2024
Arbitrary HTML present after sanitization because of unicode normalization High
CVE-2024-34078 was published for html-sanitizer (pip) May 6, 2024
yzueger
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain High
CVE-2024-34069 was published for Werkzeug (pip) May 6, 2024
Ry0taK
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate
CVE-2024-34064 was published for Jinja2 (pip) May 6, 2024
Ry0taK
Litestar and Starlite vulnerable to Path Traversal High
CVE-2024-32982 was published for litestar (pip) May 6, 2024
brian-edgar-re
WordOps has TOCTOU race condition Moderate
CVE-2024-34528 was published for wordops (pip) May 6, 2024
VirtuBox
Nebari prints temporary Keycloak root password Moderate
CVE-2024-34529 was published for nebari (pip) May 6, 2024
Gradio's Component Server does not properly consider` _is_server_fn` for functions Moderate
CVE-2024-34511 was published for gradio (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34483 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34486 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34489 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34484 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34488 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34487 was published for ryu (pip) May 5, 2024
sagemaker-python-sdk Command Injection vulnerability High
CVE-2024-34073 was published for sagemaker (pip) May 3, 2024
Kasimir123
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data High
CVE-2024-34072 was published for sagemaker (pip) May 3, 2024
Kasimir123
tqdm CLI arguments injection attack Low
CVE-2024-34062 was published for tqdm (pip) May 3, 2024
CopperEagle
changedetection.io Cross-site Scripting vulnerability Moderate
CVE-2024-34061 was published for changedetection.io (pip) May 3, 2024
Nguyen-Trung-Kien
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests High
CVE-2024-30251 was published for aiohttp (pip) May 3, 2024
bytehope
pgAdmin is affected by a multi-factor authentication bypass vulnerability High
CVE-2024-4215 was published for pgadmin4 (pip) May 2, 2024
ProTip! Advisories are also available from the GraphQL API