GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,084 advisories
Filter by severity
litellm vulnerable to remote code execution based on using eval unsafely
Critical
CVE-2024-5751
was published
for
litellm
(pip)
Jun 27, 2024
litellm vulnerable to improper access control in team management
Moderate
CVE-2024-5710
was published
for
litellm
(pip)
Jun 27, 2024
ntlk unsafe deserialization vulnerability
High
CVE-2024-39705
was published
for
nltk
(pip)
Jun 28, 2024
lollms vulnerable to dot-dot-slash path traversal in XTTS server
High
CVE-2024-6139
was published
for
lollms
(pip)
Jun 27, 2024
lollms vulnerable to path traversal due to unauthenticated root folder settings change
High
CVE-2024-6085
was published
for
lollms
(pip)
Jun 27, 2024
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Critical
CVE-2024-5980
was published
for
lightning
(pip)
Jun 27, 2024
h2o vulnerable to unexpected POST request shutting down server
High
CVE-2024-5979
was published
for
h2o
(pip)
Jun 27, 2024
vanna vulnerable to remote code execution caused by prompt injection
Critical
CVE-2024-5826
was published
for
vanna
(pip)
Jun 27, 2024
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE
High
CVE-2024-5824
was published
for
lollms
(pip)
Jun 27, 2024
Apache Superset uncontrolled resource consumption
Moderate
CVE-2023-46104
was published
for
apache-superset
(pip)
Dec 19, 2023
Duplicate Advisory: Apache Superset uncontrolled resource consumption
Moderate
CVE-2024-23952
was published
for
apache-superset
(pip)
May 30, 2024
•
withdrawn
Directory creation by malicious user in saltstack
Moderate
CVE-2024-22231
was published
for
salt
(pip)
Jun 27, 2024
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
Moderate
CVE-2023-49793
was published
for
codechecker
(pip)
Jun 24, 2024
Cross-site Scripting in djangorestframework
Moderate
CVE-2024-21520
was published
for
djangorestframework
(pip)
Jun 26, 2024
Lacking Protection against HTTP Request Smuggling in mitmproxy
High
CVE-2021-39214
was published
for
mitmproxy
(pip)
Sep 20, 2021
pdoc embeds link to malicious CDN if math mode is enabled
High
CVE-2024-38526
was published
for
pdoc
(pip)
Jun 25, 2024
Potential DoS via the Tudoor mechanism in eventlet and dnspython
Moderate
CVE-2023-29483
was published
for
dnspython
(pip)
Apr 11, 2024
Improper line feed handling in zenml
Moderate
CVE-2024-4460
was published
for
zenml
(pip)
Jun 24, 2024
Remote Code Execution in create_conda_env function in lollms
Moderate
CVE-2024-3121
was published
for
lollms
(pip)
Jun 24, 2024
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2022-40897
was published
for
setuptools
(pip)
Dec 23, 2022
Remote Code Execution via path traversal bypass in lollms
Critical
CVE-2024-5443
was published
for
lollms
(pip)
Jun 22, 2024
PyMySQL SQL Injection vulnerability
Critical
CVE-2024-36039
was published
for
pymysql
(pip)
May 21, 2024
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
Moderate
CVE-2021-28363
was published
for
urllib3
(pip)
Mar 19, 2021
ProTip!
Advisories are also available from the
GraphQL API