GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,084 advisories
Filter by severity
sagemaker-python-sdk Command Injection vulnerability
High
CVE-2024-34073
was published
for
sagemaker
(pip)
May 3, 2024
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
High
CVE-2024-34072
was published
for
sagemaker
(pip)
May 3, 2024
changedetection.io Cross-site Scripting vulnerability
Moderate
CVE-2024-34061
was published
for
changedetection.io
(pip)
May 3, 2024
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
High
CVE-2024-30251
was published
for
aiohttp
(pip)
May 3, 2024
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
High
CVE-2024-4216
was published
for
pgAdmin4
(pip)
May 2, 2024
pgAdmin is affected by a multi-factor authentication bypass vulnerability
High
CVE-2024-4215
was published
for
pgadmin4
(pip)
May 2, 2024
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Low
CVE-2024-32882
was published
for
wagtail
(pip)
May 1, 2024
nautobot has reflected Cross-site Scripting potential in all object list views
High
CVE-2024-32979
was published
for
nautobot
(pip)
May 1, 2024
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service
High
GHSA-62qf-jcq8-8gxw
was published
for
sqlparse
(pip)
Apr 30, 2024
•
withdrawn
dcnnt-py is vulnerable to command injection via Notification Handler
Moderate
CVE-2023-1000
was published
for
dcnnt
(pip)
Apr 27, 2024
python-jose algorithm confusion with OpenSSH ECDSA keys
High
CVE-2024-33663
was published
for
python-jose
(pip)
Apr 26, 2024
python-jose denial of service via compressed JWE content
Moderate
CVE-2024-33664
was published
for
python-jose
(pip)
Apr 26, 2024
vyper's range(start, start + N) reverts for negative numbers
Moderate
CVE-2024-32481
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs incorrect topic logging in raw_log
Moderate
CVE-2024-32645
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs double eval of the slice start/length args in certain cases
Moderate
CVE-2024-32646
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs double eval of raw_args in create_from_blueprint
Moderate
CVE-2024-32647
was published
for
vyper
(pip)
Apr 25, 2024
vyper default functions don't respect nonreentrancy keys
Moderate
CVE-2024-32648
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs multiple eval of `sqrt()` argument built in
Moderate
CVE-2024-32649
was published
for
vyper
(pip)
Apr 25, 2024
pyLoad allows upload to arbitrary folder lead to RCE
Critical
CVE-2024-32880
was published
for
pyload-ng
(pip)
Apr 24, 2024
social-auth-app-django affected by Improper Handling of Case Sensitivity
Moderate
CVE-2024-32879
was published
for
social-auth-app-django
(pip)
Apr 24, 2024
Synapse V2 state resolution weakness allows Denial of Service (DoS)
Moderate
CVE-2024-31208
was published
for
matrix-synapse
(pip)
Apr 23, 2024
cg vulnerable to an Open Redirect Vulnerability on Referer Header
Moderate
GHSA-w228-rfpx-fhm4
was published
for
cg
(pip)
Apr 23, 2024
ProTip!
Advisories are also available from the
GraphQL API