GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,444 advisories
Onnx Out-of-bounds Read vulnerability
Moderate
CVE-2024-27319
was published
for
onnx
(pip)
Feb 23, 2024
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Moderate
CVE-2024-26152
was published
for
label-studio
(pip)
Feb 22, 2024
NoneBot Potential Information Leak in User-Constructed Message Templates
Moderate
CVE-2024-21624
was published
for
nonebot2
(pip)
Feb 9, 2024
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate
CVE-2024-24595
was published
for
clearml
(pip)
Feb 6, 2024
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
Moderate
CVE-2024-24808
was published
for
pyload-ng
(pip)
Feb 5, 2024
Dash apps vulnerable to Cross-site Scripting
Moderate
CVE-2024-21485
was published
for
dash
(npm)
Feb 2, 2024
glance-store logs s3 access keys
Moderate
CVE-2024-1141
was published
for
glance-store
(pip)
Feb 1, 2024
OctoPrint Unverified Password Change via Access Control Settings
Moderate
CVE-2024-23637
was published
for
OctoPrint
(pip)
Jan 31, 2024
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
Moderate
CVE-2023-47116
was published
for
label-studio
(pip)
Jan 31, 2024
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
Moderate
CVE-2024-24567
was published
for
vyper
(pip)
Jan 30, 2024
aiohttp is vulnerable to directory traversal
Moderate
CVE-2024-23334
was published
for
aiohttp
(pip)
Jan 29, 2024
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Moderate
CVE-2024-23829
was published
for
aiohttp
(pip)
Jan 29, 2024
Null pointer dereference in PKCS12 parsing
Moderate
CVE-2024-0727
was published
for
cryptography
(pip)
Jan 26, 2024
Cross-site Scripting Vulnerability on Data Import
Moderate
CVE-2024-23633
was published
for
label-studio
(pip)
Jan 24, 2024
ProTip!
Advisories are also available from the
GraphQL API