Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,832
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,160 advisories

Loading
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode Moderate
CVE-2024-3651 was published for idna (pip) Apr 11, 2024
guidovranken
Django vulnerable to user enumeration attack Moderate
CVE-2024-39329 was published for Django (pip) Jul 10, 2024
Red-DiscordBot vulnerable to Incorrect Authorization in commands API Moderate
CVE-2024-39905 was published for Red-DiscordBot (pip) Jul 11, 2024
Flame442
Insecure Jinja2 templates rendered in Haystack Components can lead to RCE High
CVE-2024-41950 was published for haystack-ai (pip) Jul 31, 2024
PheonixAppAPI has visible Encoding Maps Moderate
CVE-2024-41951 was published for PheonixAppAPI (pip) Jul 31, 2024
AkshuDev
Django vulnerable to Denial of Service High
CVE-2024-38875 was published for Django (pip) Jul 10, 2024
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference Moderate
CVE-2024-6961 was published for guardrails-ai (pip) Jul 21, 2024
zenml-io/zenml does not expire the session after password reset Low
CVE-2024-4680 was published for zenml (pip) Jun 8, 2024
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS` Low
CVE-2024-41124 was published for puncia (pip) Jul 19, 2024
SCH227 g147
ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command Moderate
CVE-2024-41129 was published for ops (pip) Jul 22, 2024
phvalguima
XML Injection in ReportLab Critical
CVE-2019-17626 was published for reportlab (pip) May 24, 2022
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
VNCAuthProxy authentication bypass vulnerability Critical
CVE-2022-36436 was published for vncauthproxy (pip) Sep 16, 2022
NASA AIT-Core vulnerable to remote code execution High
CVE-2024-35057 was published for ait-core (pip) May 21, 2024
Arbitrary Code Execution in Pillow High
CVE-2023-50447 was published for Pillow (pip) Jan 19, 2024
ZenML Server Remote Privilege Escalation Vulnerability Moderate
CVE-2024-25723 was published for zenml (pip) Feb 27, 2024
hahwul
NASA AIT-Core vulnerable to SQL Injection Critical
CVE-2024-35056 was published for ait-core (pip) May 21, 2024
NASA AIT-Core vulnerable to remote code execution High
CVE-2024-35058 was published for ait-core (pip) May 21, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user Critical
CVE-2024-2044 was published for pgAdmin4 (pip) Mar 7, 2024
TheZ3ro
RPyC's missing security check results in code execution when using numpy.array on the server-side. High
CVE-2024-27758 was published for rpyc (pip) Mar 6, 2024
renbou comrumino
python-jose algorithm confusion with OpenSSH ECDSA keys High
CVE-2024-33663 was published for python-jose (pip) Apr 26, 2024
pgAdmin is affected by a multi-factor authentication bypass vulnerability High
CVE-2024-4215 was published for pgadmin4 (pip) May 2, 2024
Ryu Infinite Loop vulnerability High
CVE-2024-34486 was published for ryu (pip) May 5, 2024
Django vulnerable to Denial of Service High
CVE-2024-39614 was published for Django (pip) Jul 10, 2024
langchain-experimental vulnerable to Arbitrary Code Execution High
CVE-2024-21513 was published for langchain-experimental (pip) Jul 15, 2024
ProTip! Advisories are also available from the GraphQL API