GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,001 advisories
Filter by severity
Potential buffer overflow in CBOR2 decoder
High
CVE-2024-26134
was published
for
cbor2
(pip)
Feb 21, 2024
Improper Certificate Validation in apache airflow mongo hook
High
CVE-2024-25141
was published
for
apache-airflow-providers-mongo
(pip)
Feb 20, 2024
Cross-site Scripting in Pyhtml2pdf
High
CVE-2024-1647
was published
for
pyhtml2pdf
(pip)
Feb 20, 2024
Scrapy decompression bomb vulnerability
High
CVE-2024-3572
was published
for
scrapy
(pip)
Feb 16, 2024
Scrapy authorization header leakage on cross-domain redirect
High
CVE-2024-3574
was published
for
scrapy
(pip)
Feb 15, 2024
Scrapy vulnerable to ReDoS via XMLFeedSpider
High
CVE-2024-1892
was published
for
scrapy
(pip)
Feb 15, 2024
python-multipart vulnerable to Content-Type Header ReDoS
High
CVE-2024-24762
was published
for
fastapi
(pip)
Feb 12, 2024
Kinto Attachment's attachments can be replaced on read-only records
High
CVE-2024-1314
was published
for
kinto-attachment
(pip)
Feb 8, 2024
Allegro AI ClearML path traversal vulnerability
High
CVE-2024-24591
was published
for
clearml
(pip)
Feb 6, 2024
Allegro AI ClearML vulnerable to deserialization of untrusted data
High
CVE-2024-24590
was published
for
clearml
(pip)
Feb 6, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
High
CVE-2023-50782
was published
for
cryptography
(pip)
Feb 5, 2024
Duplicate Advisory: FastAPI Content-Type Header ReDoS
High
GHSA-qf9m-vfgh-m389
was published
for
fastapi
(pip)
Feb 5, 2024
•
withdrawn
Duplicate Advisory: Starlette Content-Type Header ReDoS
High
GHSA-93gm-qmq6-w238
was published
for
starlette
(pip)
Feb 5, 2024
•
withdrawn
vantage6 remote code execution vulnerability
High
CVE-2024-21649
was published
for
vantage6
(pip)
Jan 30, 2024
Apache Airflow: pickle deserialization vulnerability in XComs
High
CVE-2023-50943
was published
for
apache-airflow
(pip)
Jan 24, 2024
Cross-site Scripting Vulnerability on Avatar Upload
High
CVE-2023-47115
was published
for
label-studio
(pip)
Jan 24, 2024
XSS potential in rendered Markdown fields (comments, description, notes, etc.)
High
CVE-2024-23345
was published
for
nautobot
(pip)
Jan 23, 2024
Minerva timing attack on P-256 in python-ecdsa
High
CVE-2024-23342
was published
for
ecdsa
(pip)
Jan 22, 2024
JupyterLab vulnerable to potential authentication and CSRF tokens leak
High
CVE-2024-22421
was published
for
jupyterlab
(pip)
Jan 19, 2024
concat built-in can corrupt memory in vyper
High
CVE-2024-22419
was published
for
vyper
(pip)
Jan 19, 2024
Unsecured endpoints in the jupyter-lsp server extension
High
CVE-2024-22415
was published
for
jupyter-lsp
(pip)
Jan 18, 2024
Cross-Frame Scripting vulnerability has been found on Plone CMS
High
CVE-2024-0669
was published
for
Plone
(pip)
Jan 18, 2024
ProTip!
Advisories are also available from the
GraphQL API