Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,832
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
797
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,032 advisories

Loading
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests High
CVE-2024-30251 was published for aiohttp (pip) May 3, 2024
bytehope
pgAdmin is affected by a multi-factor authentication bypass vulnerability High
CVE-2024-4215 was published for pgadmin4 (pip) May 2, 2024
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload High
CVE-2024-4216 was published for pgAdmin4 (pip) May 2, 2024
nautobot has reflected Cross-site Scripting potential in all object list views High
CVE-2024-32979 was published for nautobot (pip) May 1, 2024
michaelpanorios
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service High
GHSA-62qf-jcq8-8gxw was published for sqlparse (pip) Apr 30, 2024 withdrawn
PyPXE Buffer Overflow vulnerability High
CVE-2023-46960 was published for PyPXE (pip) Apr 29, 2024
python-jose algorithm confusion with OpenSSH ECDSA keys High
CVE-2024-33663 was published for python-jose (pip) Apr 26, 2024
dbt uses a SQLparse version with a high vulnerability High
GHSA-p72q-h37j-3hq7 was published for dbt-core (pip) Apr 22, 2024
DanMawdsleyBA
OpenStack Storlets arbitrary code execution vulnerability High
CVE-2024-28717 was published for storlets (pip) Apr 22, 2024
Sentry vulnerable to leaking superuser cleartext password in logs High
CVE-2024-32474 was published for sentry (pip) Apr 18, 2024
lluuaapp
PyTorch heap buffer overflow vulnerability High
CVE-2024-31580 was published for torch (pip) Apr 17, 2024
levpachmanov
Pytorch use-after-free vulnerability High
CVE-2024-31583 was published for torch (pip) Apr 17, 2024
levpachmanov
Duplicate Advisory: Scrapy decompression bomb vulnerability High
GHSA-rmqv-7v3j-mr7p was published for scrapy (pip) Apr 16, 2024 withdrawn
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect High
GHSA-4q82-j5c2-g2c5 was published for scrapy (pip) Apr 16, 2024 withdrawn
gradio vulnerable to Path Traversal High
CVE-2024-1561 was published for gradio (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1594 was published for mlflow (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1560 was published for mlflow (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1593 was published for mlflow (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1558 was published for mlflow (pip) Apr 16, 2024
mberges21
Request smuggling leading to endpoint restriction bypass in Gunicorn High
CVE-2024-1135 was published for gunicorn (pip) Apr 16, 2024
mlflow Path Traversal vulnerability High
CVE-2024-1483 was published for mlflow (pip) Apr 16, 2024
mberges21
sqlparse parsing heavily nested list leads to Denial of Service High
CVE-2024-4340 was published for sqlparse (pip) Apr 15, 2024
uriyay-jfrog
NiceGUI allows potential access to local file system High
CVE-2024-32005 was published for nicegui (pip) Apr 12, 2024
sunriseXu
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations High
CVE-2024-2196 was published for aim (pip) Apr 10, 2024
Gradio Local File Inclusion vulnerability High
CVE-2024-1728 was published for gradio (pip) Apr 10, 2024
ProTip! Advisories are also available from the GraphQL API