Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,066 advisories

scikit-learn sensitive data leakage vulnerability Moderate
CVE-2024-5206 was published for scikit-learn (pip) Jun 6, 2024
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
Clickjacking in zenml Moderate
CVE-2024-2383 was published for zenml (pip) Jun 6, 2024
Race condition in zenml Low
CVE-2024-2032 was published for zenml (pip) Jun 6, 2024
Local File Inclusion in mlflow High
CVE-2024-2928 was published for mlflow (pip) Jun 6, 2024
Server-Side Request Forgery in langchain Moderate
CVE-2024-3095 was published for langchain (pip) Jun 6, 2024
Undefined Behavior in mlflow Moderate
CVE-2024-3099 was published for mlflow (pip) Jun 6, 2024
Improper authorization in zenml Moderate
CVE-2024-2035 was published for zenml (pip) Jun 6, 2024
Cross site scripting in zenml Low
CVE-2024-2171 was published for zenml (pip) Jun 6, 2024
Denial of service in langchain-community Moderate
CVE-2024-2965 was published for langchain-community (pip) Jun 6, 2024
eyurtsev efriis
Remote code execution in mlflow Critical
CVE-2024-0520 was published for mlflow (pip) Jun 6, 2024
Jupyter server on Windows discloses Windows user password hash High
CVE-2024-35178 was published for jupyter_server (pip) Jun 6, 2024
nvn1729
Remote code execution in pytorch lightning Critical
CVE-2024-5452 was published for lightning (pip) Jun 6, 2024
Local file inclusion in gradio High
CVE-2024-4941 was published for gradio (pip) Jun 6, 2024
Server-Side Request Forgery in gradio High
CVE-2024-4325 was published for gradio (pip) Jun 6, 2024
Observable Timing Discrepancy in pypqc High
GHSA-hvh4-5qr6-3v7r was published for pypqc (pip) Jun 5, 2024
JamesTheAwesomeDude
PyMongo Out-of-bounds Read in the bson module Moderate
CVE-2024-5629 was published for pymongo (pip) Jun 5, 2024
Arbitrary JavaScript execution due to using outdated libraries Low
GHSA-4m3g-6r7g-jv4f was published for gradio_pdf (pip) Jun 5, 2024
isacaya
Skops unsafe deserialization High
CVE-2024-37065 was published for skops (pip) Jun 4, 2024
MLFlow improper input validation High
CVE-2024-37061 was published for mlflow (pip) Jun 4, 2024
ydata unsafe deserialization High
CVE-2024-37064 was published for ydata-profiling (pip) Jun 4, 2024
ydata unsafe deserialization High
CVE-2024-37062 was published for ydata-profiling (pip) Jun 4, 2024
ydata cross-site scripting High
CVE-2024-37063 was published for ydata-profiling (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37059 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37060 was published for mlflow (pip) Jun 4, 2024
ProTip! Advisories are also available from the GraphQL API