GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,444 advisories
Filter by severity
Onnx Out-of-bounds Read vulnerability
Moderate
CVE-2024-27319
was published
for
onnx
(pip)
Feb 23, 2024
Gradio apps vulnerable to timing attacks to guess password
Moderate
CVE-2024-1729
was published
for
gradio
(pip)
Feb 22, 2024
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Moderate
CVE-2024-26152
was published
for
label-studio
(pip)
Feb 22, 2024
NoneBot Potential Information Leak in User-Constructed Message Templates
Moderate
CVE-2024-21624
was published
for
nonebot2
(pip)
Feb 9, 2024
Django denial-of-service attack in the intcomma template filter
Moderate
CVE-2024-24680
was published
for
django
(pip)
Feb 7, 2024
Ansible-core information disclosure flaw
Moderate
CVE-2024-0690
was published
for
ansible-core
(pip)
Feb 6, 2024
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate
CVE-2024-24595
was published
for
clearml
(pip)
Feb 6, 2024
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
Moderate
CVE-2024-24808
was published
for
pyload-ng
(pip)
Feb 5, 2024
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
Moderate
CVE-2023-50781
was published
for
m2crypto
(pip)
Feb 5, 2024
Dash apps vulnerable to Cross-site Scripting
Moderate
CVE-2024-21485
was published
for
dash
(npm)
Feb 2, 2024
glance-store logs s3 access keys
Moderate
CVE-2024-1141
was published
for
glance-store
(pip)
Feb 1, 2024
OctoPrint Unverified Password Change via Access Control Settings
Moderate
CVE-2024-23637
was published
for
OctoPrint
(pip)
Jan 31, 2024
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
Moderate
CVE-2023-47116
was published
for
label-studio
(pip)
Jan 31, 2024
vantage6 has insecure SSH configuration for node and server containers
Moderate
CVE-2024-21653
was published
for
vantage6
(pip)
Jan 30, 2024
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
Moderate
CVE-2024-24567
was published
for
vyper
(pip)
Jan 30, 2024
aiohttp is vulnerable to directory traversal
Moderate
CVE-2024-23334
was published
for
aiohttp
(pip)
Jan 29, 2024
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Moderate
CVE-2024-23829
was published
for
aiohttp
(pip)
Jan 29, 2024
ai-flow Deserialization of Untrusted Data vulnerability
Moderate
CVE-2024-0960
was published
for
ai-flow
(pip)
Jan 27, 2024
Null pointer dereference in PKCS12 parsing
Moderate
CVE-2024-0727
was published
for
cryptography
(pip)
Jan 26, 2024
Apache Airflow: Bypass permission verification to read code of other dags
Moderate
CVE-2023-50944
was published
for
apache-airflow
(pip)
Jan 24, 2024
Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
Moderate
CVE-2023-51702
was published
for
apache-airflow
(pip)
Jan 24, 2024
Cross-site Scripting Vulnerability on Data Import
Moderate
CVE-2024-23633
was published
for
label-studio
(pip)
Jan 24, 2024
html injection vulnerability in the `tuitse_html` function.
Moderate
CVE-2024-23341
was published
for
TuiTse-TsuSin
(pip)
Jan 22, 2024
JupyterLab vulnerable to SXSS in Markdown Preview
Moderate
CVE-2024-22420
was published
for
jupyterlab
(pip)
Jan 19, 2024
ProTip!
Advisories are also available from the
GraphQL API