Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,062
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,622
NuGet
638
pip
3,233
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,079 advisories

Loading
Gradio Path Traversal vulnerability High
CVE-2024-0964 was published for gradio (pip) Feb 6, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack High
CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024
Duplicate Advisory: FastAPI Content-Type Header ReDoS High
GHSA-qf9m-vfgh-m389 was published for fastapi (pip) Feb 5, 2024 withdrawn
nicecatch2000 huonw
garyd203 levpachmanov
Duplicate Advisory: Starlette Content-Type Header ReDoS High
GHSA-93gm-qmq6-w238 was published for starlette (pip) Feb 5, 2024 withdrawn
tiangolo nicecatch2000
vantage6 remote code execution vulnerability High
CVE-2024-21649 was published for vantage6 (pip) Jan 30, 2024
CrateDB authentication bypass vulnerability High
CVE-2023-51982 was published for crate (Maven) Jan 30, 2024
Tu0Laj1
Apache Airflow: pickle deserialization vulnerability in XComs High
CVE-2023-50943 was published for apache-airflow (pip) Jan 24, 2024
Cross-site Scripting Vulnerability on Avatar Upload High
CVE-2023-47115 was published for label-studio (pip) Jan 24, 2024
alex-elttam
XSS potential in rendered Markdown fields (comments, description, notes, etc.) High
CVE-2024-23345 was published for nautobot (pip) Jan 23, 2024
Kircheneer
Minerva timing attack on P-256 in python-ecdsa High
CVE-2024-23342 was published for ecdsa (pip) Jan 22, 2024
tomato42
Code execution in metagpt High
CVE-2024-23750 was published for metagpt (pip) Jan 22, 2024
Arbitrary Code Execution in Pillow High
CVE-2023-50447 was published for Pillow (pip) Jan 19, 2024
JupyterLab vulnerable to potential authentication and CSRF tokens leak High
CVE-2024-22421 was published for jupyterlab (pip) Jan 19, 2024
davwwwx
concat built-in can corrupt memory in vyper High
CVE-2024-22419 was published for vyper (pip) Jan 19, 2024
cyberthirst kuroi8
Unsecured endpoints in the jupyter-lsp server extension High
CVE-2024-22415 was published for jupyter-lsp (pip) Jan 18, 2024
Cross-Frame Scripting vulnerability has been found on Plone CMS High
CVE-2024-0669 was published for Plone (pip) Jan 18, 2024
Remote Code Execution vulnerability in Apache IoTDB via UDF High
CVE-2023-46226 was published for apache-iotdb (Maven) Jan 15, 2024
Path traversal in flaskcode High
CVE-2023-52288 was published for flaskcode (pip) Jan 13, 2024
Path traversal in flaskcode High
CVE-2023-52289 was published for flaskcode (pip) Jan 13, 2024
Gentoo Portage missing PGP validation of executed code High
CVE-2016-20021 was published for portage (pip) Jan 12, 2024
Untrusted search path under some conditions on Windows allows arbitrary code execution High
CVE-2024-22190 was published for GitPython (pip) Jan 10, 2024
EliahKagan
fonttools XML External Entity Injection (XXE) Vulnerability High
CVE-2023-45139 was published for fonttools (pip) Jan 9, 2024
acornall
pyload Unauthenticated Flask Configuration Leakage vulnerability High
CVE-2024-21644 was published for pyload-ng (pip) Jan 8, 2024
PinkDraconian
D-Tale server-side request forgery through Web uploads High
CVE-2024-21642 was published for dtale (pip) Jan 5, 2024
sylwia-budzynska
PaddlePaddle heap buffer overflow in paddle.repeat_interleave High
CVE-2023-52309 was published for PaddlePaddle (pip) Jan 3, 2024
ProTip! Advisories are also available from the GraphQL API