GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,432 advisories

dbt allows Binding to an Unrestricted IP Address via socketsocket Moderate
CVE-2024-36105 was published for dbt-core (pip) May 28, 2024
ericwb
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Carreau
andrii-i dlqqq yuvipanda
OMERO.web must check that the JSONP callback is a valid function Moderate
CVE-2024-35180 was published for omero-web (pip) May 21, 2024
Requests `Session` object does not verify requests after making first request with verify=False Moderate
CVE-2024-35195 was published for requests (pip) May 20, 2024
mikeassel sigmavirus24
nateprewitt
aiosmtpd STARTTLS unencrypted commands injection Moderate
CVE-2024-34083 was published for aiosmtpd (pip) May 20, 2024
Arusekk
MLflow allows low privilege users to delete any artifact Moderate
CVE-2024-4263 was published for mlflow (pip) May 16, 2024
Scrapy allows redirect following in protocols other than HTTP Moderate
GHSA-23j4-mw76-5v7h was published for Scrapy (pip) May 14, 2024
Scrapy's redirects ignoring scheme-specific proxy settings Moderate
GHSA-jm3v-qxmh-hxwv was published for Scrapy (pip) May 14, 2024
Scrapy leaks the authorization header on same-domain but cross-origin redirects Moderate
CVE-2024-1968 was published for Scrapy (pip) May 14, 2024
Szarny
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details Moderate
CVE-2024-32077 was published for apache-airflow (pip) May 14, 2024
Apache Superset Incorrect Authorization vulnerability Moderate
CVE-2024-28148 was published for apache-superset (pip) May 7, 2024
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate
CVE-2024-34064 was published for Jinja2 (pip) May 6, 2024
Ry0taK
WordOps has TOCTOU race condition Moderate
CVE-2024-34528 was published for wordops (pip) May 6, 2024
VirtuBox
Nebari prints temporary Keycloak root password Moderate
CVE-2024-34529 was published for nebari (pip) May 6, 2024
Gradio's Component Server does not properly consider `_is_server_fn` for functions Moderate
CVE-2024-34511 was published for gradio (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34483 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34486 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34489 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34484 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34488 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34487 was published for ryu (pip) May 5, 2024
changedetection.io Cross-site Scripting vulnerability Moderate
CVE-2024-34061 was published for changedetection.io (pip) May 3, 2024
Nguyen-Trung-Kien
dcnnt-py is vulnerable to command injection via Notification Handler Moderate
CVE-2023-1000 was published for dcnnt (pip) Apr 27, 2024
python-jose denial of service via compressed JWE content Moderate
CVE-2024-33664 was published for python-jose (pip) Apr 26, 2024
garyd203