Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,154
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,030 advisories

Loading
TorchServe gRPC Port Exposure High
CVE-2024-35199 was published for torchserve (pip) Jul 18, 2024
Vanna vulnerable to SQL Injection High
CVE-2024-5753 was published for vanna (pip) Jul 5, 2024
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution High
CVE-2024-27133 was published for mlflow (pip) Feb 24, 2024
oscerd gabby202308
openstack-heat may disclose sensitive information High
CVE-2024-7319 was published for openstack-heat (pip) Aug 2, 2024
Fiona affected by CVE-2020-14152 related to madler-zlib High
GHSA-g4m4-9q4c-mfw6 was published for fiona (pip) Jul 16, 2024
PyTorch heap buffer overflow vulnerability High
CVE-2024-31580 was published for torch (pip) Apr 17, 2024
levpachmanov
setuptools vulnerable to Command Injection via package URL High
CVE-2024-6345 was published for setuptools (pip) Jul 15, 2024
ntlk unsafe deserialization vulnerability High
CVE-2024-39705 was published for nltk (pip) Jun 28, 2024
js2py allows remote code execution High
CVE-2024-28397 was published for js2py (pip) Jun 20, 2024
PyPXE Buffer Overflow vulnerability High
CVE-2023-46960 was published for PyPXE (pip) Apr 29, 2024
Weave server API vulnerable to arbitrary file leak High
CVE-2024-7340 was published for weave (pip) Jul 31, 2024
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler High
CVE-2024-39877 was published for apache-airflow (pip) Jul 17, 2024
langchain-experimental vulnerable to Arbitrary Code Execution High
CVE-2024-21513 was published for langchain-experimental (pip) Jul 15, 2024
Django vulnerable to Denial of Service High
CVE-2024-39614 was published for Django (pip) Jul 10, 2024
Ryu Infinite Loop vulnerability High
CVE-2024-34486 was published for ryu (pip) May 5, 2024
pgAdmin is affected by a multi-factor authentication bypass vulnerability High
CVE-2024-4215 was published for pgadmin4 (pip) May 2, 2024
python-jose algorithm confusion with OpenSSH ECDSA keys High
CVE-2024-33663 was published for python-jose (pip) Apr 26, 2024
RPyC's missing security check results in code execution when using numpy.array on the server-side. High
CVE-2024-27758 was published for rpyc (pip) Mar 6, 2024
renbou comrumino
NASA AIT-Core vulnerable to remote code execution High
CVE-2024-35058 was published for ait-core (pip) May 21, 2024
Arbitrary Code Execution in Pillow High
CVE-2023-50447 was published for Pillow (pip) Jan 19, 2024
NASA AIT-Core vulnerable to remote code execution High
CVE-2024-35057 was published for ait-core (pip) May 21, 2024
Django vulnerable to Denial of Service High
CVE-2024-38875 was published for Django (pip) Jul 10, 2024
Insecure Jinja2 templates rendered in Haystack Components can lead to RCE High
CVE-2024-41950 was published for haystack-ai (pip) Jul 31, 2024
Excessive Iteration in gRPC High
CVE-2023-33953 was published for grpc (RubyGems) Aug 9, 2023
levpachmanov
TensorFlow has segfault in array_ops.upper_bound High
CVE-2023-33976 was published for tensorflow (pip) Jul 30, 2024
ProTip! Advisories are also available from the GraphQL API