GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,683
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,299 advisories
Filter by severity
zipp Denial of Service vulnerability
Moderate
CVE-2024-5569
was published
for
zipp
(pip)
Jul 9, 2024
Khoj Open Redirect Vulnerability in Login Page
Moderate
GHSA-564j-v29w-rqr6
was published
for
khoj-assistant
(pip)
Jul 8, 2024
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
Low
GHSA-3v33-3wmw-3785
was published
for
yt-dlp
(pip)
Jul 8, 2024
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Moderate
CVE-2024-31223
was published
for
ethyca-fides
(pip)
Jul 5, 2024
Certifi removes GLOBALTRUST root certificate
Low
CVE-2024-39689
was published
for
certifi
(pip)
Jul 5, 2024
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
Moderate
CVE-2024-32498
was published
for
cinder
(pip)
Jul 5, 2024
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Low
CVE-2024-38537
was published
for
ethyca-fides
(pip)
Jul 2, 2024
yt-dlp File system modification and RCE through improper file-extension sanitization
High
CVE-2024-38519
was published
for
yt-dlp
(pip)
Jul 2, 2024
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Critical
CVE-2024-39236
was published
for
Gradio
(pip)
Jul 1, 2024
Weblate vulnerable to improper sanitization of project backups
Moderate
CVE-2024-39303
was published
for
Weblate
(pip)
Jul 1, 2024
Reflected Cross-Site Scripting (XSS) in zenml
Moderate
CVE-2024-5062
was published
for
zenml
(pip)
Jun 30, 2024
ntlk unsafe deserialization vulnerability
High
CVE-2024-39705
was published
for
nltk
(pip)
Jun 28, 2024
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Critical
CVE-2024-5980
was published
for
lightning
(pip)
Jun 27, 2024
vanna vulnerable to remote code execution caused by prompt injection
Critical
CVE-2024-5826
was published
for
vanna
(pip)
Jun 27, 2024
h2o vulnerable to unexpected POST request shutting down server
High
CVE-2024-5979
was published
for
h2o
(pip)
Jun 27, 2024
lollms vulnerable to path traversal due to unauthenticated root folder settings change
High
CVE-2024-6085
was published
for
lollms
(pip)
Jun 27, 2024
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE
High
CVE-2024-5824
was published
for
lollms
(pip)
Jun 27, 2024
lollms vulnerable to dot-dot-slash path traversal in XTTS server
High
CVE-2024-6139
was published
for
lollms
(pip)
Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely
Critical
CVE-2024-5751
was published
for
litellm
(pip)
Jun 27, 2024
litellm vulnerable to improper access control in team management
Moderate
CVE-2024-5710
was published
for
litellm
(pip)
Jun 27, 2024
Directory creation by malicious user in saltstack
Moderate
CVE-2024-22231
was published
for
salt
(pip)
Jun 27, 2024
Cross-site Scripting in djangorestframework
Moderate
CVE-2024-21520
was published
for
djangorestframework
(pip)
Jun 26, 2024
ProTip!
Advisories are also available from the
GraphQL API