GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,280 advisories
Filter by severity
aiocpa contains credential harvesting code
High
GHSA-486g-47cc-8wxf
was published
for
aiocpa
(pip)
Nov 25, 2024
MLflow's excessive directory permissions allow local privilege escalation
High
CVE-2024-27134
was published
for
mlflow
(pip)
Nov 25, 2024
Tornado has an HTTP cookie parsing DoS vulnerability
High
CVE-2024-52804
was published
for
tornado
(pip)
Nov 22, 2024
GeoNode Server Side Request forgery
High
CVE-2023-40017
was published
for
geonode
(pip)
Nov 21, 2024
LLama Factory Remote OS Command Injection Vulnerability
High
CVE-2024-52803
was published
for
llamafactory
(pip)
Nov 21, 2024
Litestar allows unbounded resource consumption (DoS vulnerability)
High
CVE-2024-52581
was published
for
litestar
(pip)
Nov 20, 2024
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
High
CVE-2024-52595
was published
for
lxml-html-clean
(pip)
Nov 19, 2024
Apache Airflow: Sensitive configuration values are not masked in the logs by default
High
CVE-2024-45784
was published
for
airflow
(pip)
Nov 15, 2024
changedetection.io path traversal using file URI scheme without supplying hostname
High
CVE-2024-51998
was published
for
changedetection.io
(pip)
Nov 7, 2024
langflow has vulnerability in PythonCodeTool component
High
CVE-2024-42835
was published
for
langflow
(pip)
Oct 31, 2024
Waitress vulnerable to DoS leading to high CPU usage/resource exhaustion
High
CVE-2024-49769
was published
for
waitress
(pip)
Oct 29, 2024
Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape
High
GHSA-25pw-q952-x37g
was published
for
pyload-ng
(pip)
Oct 28, 2024
•
withdrawn
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
High
CVE-2024-47821
was published
for
pyload-ng
(pip)
Oct 28, 2024
curl_cffi bundles a version of libcurl affected by High Severity vulnerability
High
GHSA-3vpc-4p9p-47hc
was published
for
curl-cffi
(pip)
Oct 22, 2024
MySQL Connector/Python connector takeover vulnerability
High
CVE-2024-21272
was published
for
mysql-connector-python
(pip)
Oct 15, 2024
Starlette Denial of service (DoS) via multipart/form-data
High
CVE-2024-47874
was published
for
starlette
(pip)
Oct 15, 2024
Gradio uses insecure communication between the FRP client and server
High
CVE-2024-47871
was published
for
gradio
(pip)
Oct 10, 2024
Gradio has a race condition in update_root_in_config may redirect user traffic
High
CVE-2024-47870
was published
for
gradio
(pip)
Oct 10, 2024
Gradio lacks integrity checking on the downloaded FRP client
High
CVE-2024-47867
was published
for
gradio
(pip)
Oct 10, 2024
Gradios's CORS origin validation is not performed when the request has a cookie
High
CVE-2024-47084
was published
for
gradio
(pip)
Oct 10, 2024
DeepSpeed Remote Code Execution Vulnerability
High
CVE-2024-43497
was published
for
deepspeed
(pip)
Oct 8, 2024
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
High
CVE-2024-46977
was published
for
openc3
(RubyGems)
Oct 2, 2024
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
High
CVE-2024-47532
was published
for
RestrictedPython
(pip)
Sep 30, 2024
Heap-based Buffer Overflow in sqlite-vec
High
CVE-2024-46488
was published
for
sqlite-vec
(RubyGems)
Sep 25, 2024
ProTip!
Advisories are also available from the
GraphQL API