Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,964
Erlang
29
GitHub Actions
16
Go
1,746
Maven
4,974
npm
3,507
NuGet
609
pip
3,071
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,071 advisories

CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store` Moderate
CVE-2023-49793 was published for codechecker (pip) Jun 24, 2024
Discookie vodorok
whisperity Szelethus bruntib
Improper line feed handling in zenml Moderate
CVE-2024-4460 was published for zenml (pip) Jun 24, 2024
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
Remote Code Execution via path traversal bypass in lollms Critical
CVE-2024-5443 was published for lollms (pip) Jun 22, 2024
Open redirect in gradio Moderate
CVE-2024-4940 was published for gradio (pip) Jun 22, 2024
js2py allows remote code execution High
CVE-2024-28397 was published for js2py (pip) Jun 20, 2024
Apache Superset server arbitrary file read Moderate
CVE-2024-34693 was published for apache-superset (pip) Jun 20, 2024
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects Moderate
CVE-2024-37891 was published for urllib3 (pip) Jun 17, 2024
pquentin illia-v
LNbits improperly handles potential network and payment failures when using Eclair backend High
CVE-2024-34694 was published for lnbits (pip) Jun 17, 2024
Semisol fishcakeday
langchain_experimental Code Execution via Python REPL access Moderate
CVE-2024-38459 was published for langchain-experimental (pip) Jun 16, 2024
Apache Airflow does not return the "Cache-Control" header for dynamic content Low
CVE-2024-25142 was published for apache-airflow (pip) Jun 14, 2024
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components Moderate
GHSA-hjx6-f647-mvf9 was published for invenio-communities (pip) Jun 12, 2024
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 High
CVE-2024-37300 was published for oauthenticator (pip) Jun 12, 2024
minrk yuvipanda
manics
parisneo/lollms Local File Inclusion (LFI) attack Critical
CVE-2024-4315 was published for lollms (pip) Jun 12, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection Critical
CVE-2024-37301 was published for document-merge-service (pip) Jun 11, 2024
c0rydoras
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
Langflow remote code execution vulnerability High
CVE-2024-37014 was published for langflow (pip) Jun 10, 2024
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management Critical
CVE-2024-5389 was published for lunary (pip) Jun 10, 2024
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
zenml-io/zenml does not expire the session after password reset Low
CVE-2024-4680 was published for zenml (pip) Jun 8, 2024
ebookmeta XML External Entity vulnerability High
CVE-2024-36827 was published for ebookmeta (pip) Jun 7, 2024
ebookmeta XML External Entity vulnerability Critical
CVE-2024-37388 was published for ebookmeta (pip) Jun 7, 2024
Tornado has a CRLF injection in CurlAsyncHTTPClient headers Moderate
GHSA-w235-7p84-xx57 was published for tornado (pip) Jun 6, 2024
sha0sum mschwager
ahpaleus
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado Moderate
GHSA-753j-mpmx-qq6g was published for tornado (pip) Jun 6, 2024
ProTip! Advisories are also available from the GraphQL API