GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,832
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
797
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,032 advisories
Filter by severity
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
High
CVE-2024-22423
was published
for
yt-dlp
(pip)
Apr 10, 2024
DIRAC: Unauthorized users can read proxy contents during generation
High
CVE-2024-29905
was published
for
DIRAC
(pip)
Apr 9, 2024
pgAdmin Remote Code Execution (RCE) vulnerability
High
CVE-2024-3116
was published
for
pgadmin4
(pip)
Apr 4, 2024
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
High
CVE-2024-30248
was published
for
piccolo-admin
(pip)
Apr 1, 2024
aliyundrive-webdav vulnerable to Command Injection
High
CVE-2024-29640
was published
for
aliyundrive-webdav
(pip)
Mar 29, 2024
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
High
CVE-2024-28233
was published
for
jupyterhub
(pip)
Mar 28, 2024
Gradio's CI vulnerable to Command Injection
High
CVE-2024-1540
was published
for
gradio
(pip)
Mar 27, 2024
•
withdrawn
gradio Server-Side Request Forgery vulnerability
High
CVE-2024-2206
was published
for
gradio
(pip)
Mar 27, 2024
ansys-geometry-core OS Command Injection vulnerability
High
CVE-2024-29189
was published
for
ansys-geometry-core
(pip)
Mar 25, 2024
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
High
CVE-2024-1603
was published
for
paddlepaddle
(pip)
Mar 23, 2024
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
High
CVE-2024-29190
was published
for
mobsfscan
(pip)
Mar 22, 2024
ESPHome vulnerable to Authentication bypass via Cross site request forgery
High
CVE-2024-29019
was published
for
esphome
(pip)
Mar 21, 2024
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace
High
CVE-2024-29033
was published
for
oauthenticator
(pip)
Mar 20, 2024
Denial of service via regular expression
High
CVE-2024-28865
was published
for
wiki
(pip)
Mar 18, 2024
RCE in TranformGraph().to_dot_graph function
High
CVE-2023-41334
was published
for
astropy
(pip)
Mar 18, 2024
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
High
CVE-2024-26164
was published
for
mssql-django
(pip)
Mar 12, 2024
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
High
CVE-2024-28184
was published
for
weasyprint
(pip)
Mar 8, 2024
RPyC's missing security check results in code execution when using numpy.array on the server-side.
High
CVE-2024-27758
was published
for
rpyc
(pip)
Mar 6, 2024
ESPHome vulnerable to remote code execution via arbitrary file write
High
CVE-2024-27081
was published
for
esphome
(pip)
Mar 1, 2024
Docassemble unauthorized access through URL manipulation
High
CVE-2024-27292
was published
for
docassemble.base
(pip)
Feb 29, 2024
Duplicate Advisory: ReDos vulnerability of XMLFeedSpider
High
GHSA-7c9g-vj9m-8pm6
was published
for
scrapy
(pip)
Feb 28, 2024
•
withdrawn
orjson does not limit recursion for deeply nested JSON documents
High
CVE-2024-27454
was published
for
orjson
(pip)
Feb 26, 2024
ProTip!
Advisories are also available from the
GraphQL API