Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,084 advisories

Loading
dbt uses a SQLparse version with a high vulnerability High
GHSA-p72q-h37j-3hq7 was published for dbt-core (pip) Apr 22, 2024
DanMawdsleyBA
OpenStack Storlets arbitrary code execution vulnerability High
CVE-2024-28717 was published for storlets (pip) Apr 22, 2024
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider Moderate
CVE-2024-29733 was published for apache-airflow-providers-ftp (pip) Apr 21, 2024
ericwb
flask-cors vulnerable to log injection when the log level is set to debug Moderate
CVE-2024-1681 was published for flask-cors (pip) Apr 19, 2024
bayandin
Sentry vulnerable to leaking superuser cleartext password in logs High
CVE-2024-32474 was published for sentry (pip) Apr 18, 2024
lluuaapp
aiohttp Cross-site Scripting vulnerability on index pages for static file handling Moderate
CVE-2024-27306 was published for aiohttp (pip) Apr 18, 2024
arkark
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Moderate
CVE-2024-31869 was published for apache-airflow (pip) Apr 18, 2024
Cross-site Scripting (XSS) in mindsdb/mindsdb Moderate
CVE-2024-3575 was published for mindsdb (pip) Apr 16, 2024
Duplicate Advisory: Scrapy decompression bomb vulnerability High
GHSA-rmqv-7v3j-mr7p was published for scrapy (pip) Apr 16, 2024 withdrawn
langchain vulnerable to path traversal Moderate
CVE-2024-3571 was published for langchain (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal Critical
CVE-2024-3573 was published for mlflow (pip) Apr 16, 2024
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect High
GHSA-4q82-j5c2-g2c5 was published for scrapy (pip) Apr 16, 2024 withdrawn
llama-index-core Command Injection vulnerability Critical
CVE-2024-3271 was published for llama-index-core (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1558 was published for mlflow (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1593 was published for mlflow (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1594 was published for mlflow (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1560 was published for mlflow (pip) Apr 16, 2024
Directory traversal in zenml Critical
CVE-2024-2083 was published for zenml (pip) Apr 16, 2024
zenml Session Fixation vulnerability Moderate
CVE-2024-2260 was published for zenml (pip) Apr 16, 2024
Insecure deserialization in BentoML Critical
CVE-2024-2912 was published for bentoml (pip) Apr 16, 2024
gradio vulnerable to Path Traversal High
CVE-2024-1561 was published for gradio (pip) Apr 16, 2024
gradio Server-Side Request Forgery vulnerability Moderate
CVE-2024-1183 was published for gradio (pip) Apr 16, 2024
mlflow Path Traversal vulnerability High
CVE-2024-1483 was published for mlflow (pip) Apr 16, 2024
Request smuggling leading to endpoint restriction bypass in Gunicorn High
CVE-2024-1135 was published for gunicorn (pip) Apr 16, 2024
sqlparse parsing heavily nested list leads to Denial of Service High
CVE-2024-4340 was published for sqlparse (pip) Apr 15, 2024
uriyay-jfrog
ProTip! Advisories are also available from the GraphQL API