GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,163
Erlang
30
GitHub Actions
19
Go
1,969
Maven
5,000+
npm
3,695
NuGet
654
pip
3,311
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+
261 advisories
Filter by severity
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Low
CVE-2024-32882
was published
for
wagtail
(pip)
May 1, 2024
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Low
CVE-2024-29733
was published
for
apache-airflow-providers-ftp
(pip)
Apr 21, 2024
Transformers Deserialization of Untrusted Data vulnerability
Low
CVE-2024-3568
was published
for
transformers
(pip)
Apr 10, 2024
Unauthenticated views may expose information to anonymous users
Low
CVE-2024-29199
was published
for
nautobot
(pip)
Mar 26, 2024
Dynamic Variable Evaluation in qiskit-ibm-runtime
Low
GHSA-cq96-9974-v8hm
was published
for
qiskit-ibm-runtime
(pip)
Mar 20, 2024
Improper Privilege Management in djangorestframework-simplejwt
Low
CVE-2024-22513
was published
for
djangorestframework-simplejwt
(pip)
Mar 16, 2024
fgr Vulnerable to Insecure Default Variable Initialization
Low
GHSA-879p-8gw4-mcpw
was published
for
fgr
(pip)
Mar 15, 2024
LangChain directory traversal vulnerability
Low
CVE-2024-28088
was published
for
langchain
(pip)
Mar 4, 2024
Vyper's `extract32` can ready dirty memory
Low
CVE-2024-24564
was published
for
vyper
(pip)
Feb 26, 2024
Vyper's `_abi_decode` vulnerable to Memory Overflow
Low
CVE-2024-26149
was published
for
vyper
(pip)
Feb 26, 2024
PyPop C extensions possible vulnerability: missing arguments and redundant null pointers
Low
GHSA-p4m5-32pr-2hqr
was published
for
pypop-genomics
(pip)
Feb 26, 2024
langchain Server-Side Request Forgery vulnerability
Low
CVE-2024-0243
was published
for
langchain
(pip)
Feb 26, 2024
tuf's Metadata API: Targets.get_delegated_role() is missing input validation
Low
GHSA-77hh-43cm-v8j6
was published
for
tuf
(pip)
Feb 16, 2024
commonground-api-common unexploitable privilege escalation in JWT authentication middleware
Low
GHSA-c4cm-r9fh-jgj9
was published
for
commonground-api-common
(pip)
Feb 9, 2024
Vyper's external calls can overflow return data to return input buffer
Low
CVE-2024-24560
was published
for
vyper
(pip)
Feb 2, 2024
vantage6 may create unencrypted tasks in encrypted collaboration
Low
CVE-2024-22193
was published
for
vantage6
(pip)
Jan 30, 2024
vantage6 vulnerable to username timing attack
Low
CVE-2024-21671
was published
for
vantage6-server
(pip)
Jan 30, 2024
changedetection.io API endpoint is not secured with API token
Low
CVE-2024-23329
was published
for
changedetection.io
(pip)
Jan 23, 2024
Minor fix to previous patch for CVE-2022-35918
Low
GHSA-8qw9-gf7w-42x5
was published
for
streamlit
(pip)
Jan 12, 2024
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
Low
CVE-2024-22194
was published
for
case-utils
(pip)
Jan 11, 2024
Nautobot missing object-level permissions enforcement when running Job Buttons
Low
CVE-2023-51649
was published
for
nautobot
(pip)
Dec 22, 2023
Unauthenticated db-file-storage views
Low
CVE-2023-50263
was published
for
nautobot
(pip)
Dec 13, 2023
dbt-core's secret env vars written to package-lock.json in plaintext
Low
GHSA-j4g3-3q8x-jxqp
was published
for
dbt-core
(pip)
Dec 8, 2023
ProTip!
Advisories are also available from the
GraphQL API