GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,079
Erlang
29
GitHub Actions
19
Go
1,905
Maven
5,000+
npm
3,637
NuGet
638
pip
3,256
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
281 advisories
Filter by severity
Dynamic Variable Evaluation in qiskit-ibm-runtime
Low
GHSA-cq96-9974-v8hm
was published
for
qiskit-ibm-runtime
(pip)
Mar 20, 2024
Improper Privilege Management in djangorestframework-simplejwt
Low
CVE-2024-22513
was published
for
djangorestframework-simplejwt
(pip)
Mar 16, 2024
fgr Vulnerable to Insecure Default Variable Initialization
Low
GHSA-879p-8gw4-mcpw
was published
for
fgr
(pip)
Mar 15, 2024
LangChain directory traversal vulnerability
Low
CVE-2024-28088
was published
for
langchain
(pip)
Mar 4, 2024
Vyper's `extract32` can ready dirty memory
Low
CVE-2024-24564
was published
for
vyper
(pip)
Feb 26, 2024
Vyper's `_abi_decode` vulnerable to Memory Overflow
Low
CVE-2024-26149
was published
for
vyper
(pip)
Feb 26, 2024
PyPop C extensions possible vulnerability: missing arguments and redundant null pointers
Low
GHSA-p4m5-32pr-2hqr
was published
for
pypop-genomics
(pip)
Feb 26, 2024
langchain Server-Side Request Forgery vulnerability
Low
CVE-2024-0243
was published
for
langchain
(pip)
Feb 26, 2024
tuf's Metadata API: Targets.get_delegated_role() is missing input validation
Low
GHSA-77hh-43cm-v8j6
was published
for
tuf
(pip)
Feb 16, 2024
commonground-api-common unexploitable privilege escalation in JWT authentication middleware
Low
GHSA-c4cm-r9fh-jgj9
was published
for
commonground-api-common
(pip)
Feb 9, 2024
Vyper's external calls can overflow return data to return input buffer
Low
CVE-2024-24560
was published
for
vyper
(pip)
Feb 2, 2024
vantage6 may create unencrypted tasks in encrypted collaboration
Low
CVE-2024-22193
was published
for
vantage6
(pip)
Jan 30, 2024
vantage6 vulnerable to username timing attack
Low
CVE-2024-21671
was published
for
vantage6-server
(pip)
Jan 30, 2024
changedetection.io API endpoint is not secured with API token
Low
CVE-2024-23329
was published
for
changedetection.io
(pip)
Jan 23, 2024
Minor fix to previous patch for CVE-2022-35918
Low
GHSA-8qw9-gf7w-42x5
was published
for
streamlit
(pip)
Jan 12, 2024
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
Low
CVE-2024-22194
was published
for
case-utils
(pip)
Jan 11, 2024
Nautobot missing object-level permissions enforcement when running Job Buttons
Low
CVE-2023-51649
was published
for
nautobot
(pip)
Dec 22, 2023
Unauthenticated db-file-storage views
Low
CVE-2023-50263
was published
for
nautobot
(pip)
Dec 13, 2023
dbt-core's secret env vars written to package-lock.json in plaintext
Low
GHSA-j4g3-3q8x-jxqp
was published
for
dbt-core
(pip)
Dec 8, 2023
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Low
CVE-2023-49297
was published
for
PyDrive2
(pip)
Dec 5, 2023
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks
Low
CVE-2023-47641
was published
for
aiohttp
(pip)
Nov 14, 2023
Fides JavaScript Injection Vulnerability in Privacy Center URL
Low
CVE-2023-46126
was published
for
ethyca-fides
(pip)
Oct 24, 2023
Wagtail vulnerable to disclosure of user names via admin bulk action views
Low
CVE-2023-45809
was published
for
wagtail
(pip)
Oct 19, 2023
vantage6 does not properly delete linked resources when deleting a collaboration
Low
CVE-2023-41881
was published
for
vantage6
(pip)
Oct 16, 2023
ProTip!
Advisories are also available from the
GraphQL API