Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,683
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,299 advisories

Loading
zipp Denial of Service vulnerability Moderate
CVE-2024-5569 was published for zipp (pip) Jul 9, 2024
Aim denial of service vulnerability High
CVE-2024-6227 was published for aim (pip) Jul 8, 2024
Khoj Open Redirect Vulnerability in Login Page Moderate
GHSA-564j-v29w-rqr6 was published for khoj-assistant (pip) Jul 8, 2024
davidxbors
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors Low
GHSA-3v33-3wmw-3785 was published for yt-dlp (pip) Jul 8, 2024
LeSuisse bashonly
Vanna vulnerable to SQL Injection High
CVE-2024-5753 was published for vanna (pip) Jul 5, 2024
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL Moderate
CVE-2024-31223 was published for ethyca-fides (pip) Jul 5, 2024
RobertKeyser
Certifi removes GLOBALTRUST root certificate Low
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Kwpolska
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access Moderate
CVE-2024-32498 was published for cinder (pip) Jul 5, 2024
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js Low
CVE-2024-38537 was published for ethyca-fides (pip) Jul 2, 2024
yt-dlp File system modification and RCE through improper file-extension sanitization High
CVE-2024-38519 was published for yt-dlp (pip) Jul 2, 2024
pukkandan JarLob
Grub4K
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py Critical
CVE-2024-39236 was published for Gradio (pip) Jul 1, 2024
kmulka-bloomberg
Weblate vulnerable to improper sanitization of project backups Moderate
CVE-2024-39303 was published for Weblate (pip) Jul 1, 2024
quehill
Reflected Cross-Site Scripting (XSS) in zenml Moderate
CVE-2024-5062 was published for zenml (pip) Jun 30, 2024
ntlk unsafe deserialization vulnerability High
CVE-2024-39705 was published for nltk (pip) Jun 28, 2024
justinrosenthal ekaf
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint Critical
CVE-2024-5980 was published for lightning (pip) Jun 27, 2024
awaelchli
vanna vulnerable to remote code execution caused by prompt injection Critical
CVE-2024-5826 was published for vanna (pip) Jun 27, 2024
h2o vulnerable to unexpected POST request shutting down server High
CVE-2024-5979 was published for h2o (pip) Jun 27, 2024
lollms vulnerable to path traversal due to unauthenticated root folder settings change High
CVE-2024-6085 was published for lollms (pip) Jun 27, 2024
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE High
CVE-2024-5824 was published for lollms (pip) Jun 27, 2024
lollms vulnerable to dot-dot-slash path traversal in XTTS server High
CVE-2024-6139 was published for lollms (pip) Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely Critical
CVE-2024-5751 was published for litellm (pip) Jun 27, 2024
litellm vulnerable to improper access control in team management Moderate
CVE-2024-5710 was published for litellm (pip) Jun 27, 2024
krrishdholakia byt3bl33d3r
Path traversal in saltstack High
CVE-2024-22232 was published for salt (pip) Jun 27, 2024
Directory creation by malicious user in saltstack Moderate
CVE-2024-22231 was published for salt (pip) Jun 27, 2024
Cross-site Scripting in djangorestframework Moderate
CVE-2024-21520 was published for djangorestframework (pip) Jun 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database