Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

265 advisories

Loading
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API Low
CVE-2024-52008 was published for ethyca-fides (pip) Nov 26, 2024
h0wl andres-torres-marroquin
daveqnet erosselli
OpenStack Nova host data leak to vm instance in rescue mode Low
CVE-2014-0134 was published for nova (pip) May 17, 2022
Vyper's external calls can overflow return data to return input buffer Low
CVE-2024-24560 was published for vyper (pip) Feb 2, 2024
zobront
Vyper sha3 codegen bug Low
CVE-2024-24559 was published for vyper (pip) Feb 5, 2024
cyberthirst kuroi8
LIEF obtain sensitive information via the name parameter Low
CVE-2024-31636 was published for lief (pip) May 3, 2024
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution Low
CVE-2023-49297 was published for PyDrive2 (pip) Dec 5, 2023
ejedev
GoLismero symlink attack Low
CVE-2012-0054 was published for golismero (pip) May 4, 2022
Nautobot missing object-level permissions enforcement when running Job Buttons Low
CVE-2023-51649 was published for nautobot (pip) Dec 22, 2023
abdikanipd
Unauthenticated db-file-storage views Low
CVE-2023-50263 was published for nautobot (pip) Dec 13, 2023
Kircheneer
OpenStack Nova Scheduler denial of service through scheduler_hints Low
CVE-2012-3371 was published for Nova (pip) May 17, 2022
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability Low
CVE-2022-4134 was published for glance (pip) Mar 7, 2023
OpenStack Keystone Sensitive information disclosure via log files Low
CVE-2013-2006 was published for keystone (pip) May 17, 2022
Zope allows local users to read arbitrary files Low
CVE-2006-3458 was published for Zope2 (pip) May 1, 2022
OpenStack Keystone intended authorization restrictions bypass Low
CVE-2012-5571 was published for Keystone (pip) May 17, 2022
CHECK-fail in `QuantizeAndDequantizeV4Grad` Low
CVE-2021-29544 was published for tensorflow (pip) May 21, 2021
Incorrect parsing of nameless cookies leads to __Host- cookies bypass Low
CVE-2023-23934 was published for Werkzeug (pip) Feb 15, 2023
lavish
vantage6 does not properly delete linked resources when deleting a collaboration Low
CVE-2023-41881 was published for vantage6 (pip) Oct 16, 2023
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability Low
CVE-2024-42447 was published for apache-airflow-providers-fab (pip) Aug 5, 2024
dbt has an implicit override for built-in materializations from installed packages Low
CVE-2024-40637 was published for dbt-core (pip) Jul 17, 2024
brabster
Weblate vulnerable to improper sanitization of project backups Low
CVE-2024-39303 was published for Weblate (pip) Jul 1, 2024
quehill
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package Low
CVE-2022-23531 was published for guarddog (pip) Dec 2, 2022
Incorrect signature verification in django-ses Low
CVE-2023-33185 was published for django-ses (pip) May 22, 2023
josephsurin
ProTip! Advisories are also available from the GraphQL API