GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,989
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,133
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,133 advisories
Filter by severity
rockhopper Buffer Overflow vulnerability
Moderate
CVE-2022-4969
was published
for
rockhopper
(pip)
May 28, 2024
ansibleguy-webui Cross-site Scripting vulnerability
High
CVE-2024-36110
was published
for
ansibleguy-webui
(pip)
May 28, 2024
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
Low
CVE-2024-34715
was published
for
ethyca-fides
(pip)
May 29, 2024
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
Moderate
CVE-2024-36112
was published
for
nautobot
(pip)
May 29, 2024
Duplicate Advisory: Apache Superset uncontrolled resource consumption
Moderate
CVE-2024-23952
was published
for
apache-superset
(pip)
May 30, 2024
•
withdrawn
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
Moderate
CVE-2024-35189
was published
for
ethyca-fides
(pip)
Jun 2, 2024
Slack integration leaks sensitive information in logs
Low
CVE-2024-35196
was published
for
sentry
(pip)
Jun 2, 2024
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Moderate
CVE-2024-35228
was published
for
wagtail
(pip)
Jun 2, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository
Moderate
CVE-2024-3924
was published
for
text-generation
(pip)
Jun 2, 2024
path traversal vulnerability was identified in the parisneo/lollms-webui
Moderate
CVE-2024-4330
was published
for
lollms
(pip)
Jun 2, 2024
qdrant input validation failure
Critical
CVE-2024-3829
was published
for
qdrant-client
(pip)
Jun 3, 2024
ydata unsafe deserialization
High
CVE-2024-37062
was published
for
ydata-profiling
(pip)
Jun 4, 2024
ydata unsafe deserialization
High
CVE-2024-37064
was published
for
ydata-profiling
(pip)
Jun 4, 2024
ProTip!
Advisories are also available from the
GraphQL API