GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,961
Composer 4,055
Erlang 29
GitHub Actions 19
Go 1,889
Maven 5,076
npm 3,605
NuGet 638
pip 3,208
Pub 10
RubyGems 852
Rust 816
Swift 35

Unreviewed advisories

All unreviewed 227,369

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

1,489 advisories

Filter by severity

Sort by

Least recently updated

Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components Moderate

GHSA-hjx6-f647-mvf9 was published for invenio-communities (pip) Jun 12, 2024

urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects Moderate

CVE-2024-37891 was published for urllib3 (pip) Jun 17, 2024

TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate

CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024

TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate

CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024

Apache Superset server arbitrary file read Moderate

CVE-2024-34693 was published for apache-superset (pip) Jun 20, 2024

Open redirect in gradio Moderate

CVE-2024-4940 was published for gradio (pip) Jun 22, 2024

Remote Code Execution in create_conda_env function in lollms Moderate

CVE-2024-3121 was published for lollms (pip) Jun 24, 2024

Improper line feed handling in zenml Moderate

CVE-2024-4460 was published for zenml (pip) Jun 24, 2024

CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store` Moderate

CVE-2023-49793 was published for codechecker (pip) Jun 24, 2024

Cross-site Scripting in djangorestframework Moderate

CVE-2024-21520 was published for djangorestframework (pip) Jun 26, 2024

Directory creation by malicious user in saltstack Moderate

CVE-2024-22231 was published for salt (pip) Jun 27, 2024

litellm vulnerable to improper access control in team management Moderate

CVE-2024-5710 was published for litellm (pip) Jun 27, 2024

Reflected Cross-Site Scripting (XSS) in zenml Moderate

CVE-2024-5062 was published for zenml (pip) Jun 30, 2024

Weblate vulnerable to improper sanitization of project backups Moderate

CVE-2024-39303 was published for Weblate (pip) Jul 1, 2024

OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access Moderate

CVE-2024-32498 was published for cinder (pip) Jul 5, 2024

Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL Moderate

CVE-2024-31223 was published for ethyca-fides (pip) Jul 5, 2024

Khoj Open Redirect Vulnerability in Login Page Moderate

GHSA-564j-v29w-rqr6 was published for khoj-assistant (pip) Jul 8, 2024

zipp Denial of Service vulnerability Moderate

CVE-2024-5569 was published for zipp (pip) Jul 9, 2024

Django vulnerable to user enumeration attack Moderate

CVE-2024-39329 was published for Django (pip) Jul 10, 2024

Wagtail regular expression denial-of-service via search query parsing Moderate

CVE-2024-39317 was published for wagtail (pip) Jul 11, 2024

Red-DiscordBot vulnerable to Incorrect Authorization in commands API Moderate

CVE-2024-39905 was published for Red-DiscordBot (pip) Jul 11, 2024

OpaMiddleware does not filter HTTP OPTIONS requests Moderate

CVE-2024-40627 was published for fastapi-opa (pip) Jul 15, 2024

Apache Superset vulnerable to improper SQL authorization Moderate

CVE-2024-39887 was published for apache-superset (pip) Jul 16, 2024

Apache Airflow Potential Cross-site Scripting Vulnerability Moderate

CVE-2024-39863 was published for apache-airflow (pip) Jul 17, 2024

dbt has an implicit override for built-in materializations from installed packages Moderate

CVE-2024-40637 was published for dbt-core (pip) Jul 17, 2024

Previous 1 2 … 56 57 58 59 60 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,489 advisories