Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,832
Maven
5,000+
npm
3,573
NuGet
632
pip
3,158
Pub
10
RubyGems
847
Rust
797
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,464 advisories

Loading
gradio Server-Side Request Forgery vulnerability Moderate
CVE-2024-1183 was published for gradio (pip) Apr 16, 2024
Pydantic regular expression denial of service Moderate
CVE-2024-3772 was published for pydantic (pip) Apr 15, 2024
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack Moderate
CVE-2024-28718 was published for magnum (pip) Apr 12, 2024
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode Moderate
CVE-2024-3651 was published for idna (pip) Apr 11, 2024
guidovranken
Potential DoS via the Tudoor mechanism in eventlet and dnspython Moderate
CVE-2023-29483 was published for dnspython (pip) Apr 11, 2024
PyMongo Out-of-bounds Read in the bson module Moderate
GHSA-cr6f-gf5w-vhrc was published for pymongo (pip) Apr 6, 2024 withdrawn
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check Moderate
CVE-2024-31215 was published for mobsf (pip) Apr 4, 2024
Pillow buffer overflow vulnerability Moderate
CVE-2024-28219 was published for pillow (pip) Apr 3, 2024
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method Moderate
CVE-2024-29888 was published for saleor (pip) Mar 28, 2024
Apache Airflow Improper Preservation of Permissions vulnerability Moderate
CVE-2024-29735 was published for apache-airflow (pip) Mar 26, 2024
LangChain's XMLOutputParser vulnerable to XML Entity Expansion Moderate
CVE-2024-1455 was published for langchain-core (pip) Mar 26, 2024
eyurtsev
Duplicate Advisory: Cross-Site Request Forgery in Gradio Moderate
GHSA-3x9g-xfj5-fq84 was published for gradio (pip) Mar 21, 2024 withdrawn
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code Moderate
CVE-2024-29032 was published for qiskit-ibm-runtime (pip) Mar 20, 2024
richrines1
Black vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2024-21503 was published for black (pip) Mar 19, 2024
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings Moderate
CVE-2024-28237 was published for OctoPrint (pip) Mar 18, 2024
jacopotediosi
Information leakage in YAQL Moderate
CVE-2024-29156 was published for yaql (pip) Mar 18, 2024
Regular expression denial-of-service in Django Moderate
CVE-2024-27351 was published for django (pip) Mar 15, 2024
MarkLee131
vantage6 vulnerable to a username timing attack on recover password/MFA token Moderate
CVE-2024-24770 was published for vantage6 (pip) Mar 15, 2024
vantage6's CORS settings overly permissive Moderate
CVE-2024-23823 was published for vantage6 (pip) Mar 15, 2024
Whoogle Search Cross-site Scripting vulnerability Moderate
CVE-2024-22417 was published for whoogle-search (pip) Mar 14, 2024
Whoogle Search Path Traversal vulnerability Moderate
CVE-2024-22204 was published for whoogle-search (pip) Mar 14, 2024
Apache Airflow: Ignored Airflow Permission Moderate
CVE-2024-28746 was published for apache-airflow (pip) Mar 14, 2024
oscerd
aiosmtpd vulnerable to SMTP smuggling Moderate
CVE-2024-27305 was published for aiosmtpd (pip) Mar 13, 2024
The-Login
Potential log injection in reset user endpoint in CKAN Moderate
CVE-2024-27097 was published for ckan (pip) Mar 13, 2024
ZuhairORZaki
LibOSDP RMAC revert to the beginning of the session Moderate
GHSA-xhjw-7vh5-qxqm was published for libosdp (pip) Mar 8, 2024
ProTip! Advisories are also available from the GraphQL API