Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,434
Erlang
29
GitHub Actions
16
Go
1,660
Maven
4,922
npm
3,450
NuGet
594
pip
2,840
Pub
10
RubyGems
823
Rust
764
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,843 advisories

Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode Moderate
CVE-2024-3651 was published for idna (pip) Apr 11, 2024
guidovranken
Potential DoS via the Tudoor mechanism in eventlet and dnspython Moderate
CVE-2023-29483 was published for dnspython (pip) Apr 11, 2024
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint Critical
CVE-2024-2952 was published for litellm (pip) Apr 10, 2024
ishaan-jaff r3kumar
Gradio Local File Inclusion vulnerability High
CVE-2024-1728 was published for gradio (pip) Apr 10, 2024
Aim Web API vulnerable to Remote Code Execution Critical
CVE-2024-2195 was published for aim (pip) Apr 10, 2024
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution Critical
CVE-2024-3098 was published for llama-index-core (pip) Apr 10, 2024
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations High
CVE-2024-2196 was published for aim (pip) Apr 10, 2024
Transformers Deserialization of Untrusted Data vulnerability Low
CVE-2024-3568 was published for transformers (pip) Apr 10, 2024
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581) High
CVE-2024-22423 was published for yt-dlp (pip) Apr 10, 2024
Ry0taK Grub4K
pukkandan
DIRAC: Unauthorized users can read proxy contents during generation High
CVE-2024-29905 was published for DIRAC (pip) Apr 9, 2024
Ryu Infinite Loop vulnerability High
CVE-2024-28732 was published for ryu (pip) Apr 8, 2024
PyMongo Out-of-bounds Read in the bson module Moderate
CVE-2024-21506 was published for pymongo (pip) Apr 6, 2024
pgAdmin Remote Code Execution (RCE) vulnerability High
CVE-2024-3116 was published for pgadmin4 (pip) Apr 4, 2024
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check Moderate
CVE-2024-31215 was published for mobsf (pip) Apr 4, 2024
Voilà Local file inclusion High
CVE-2024-30265 was published for voila (pip) Apr 3, 2024
ericfinger trungleduc
martinRenou Carreau
Pillow buffer overflow vulnerability Moderate
CVE-2024-28219 was published for pillow (pip) Apr 3, 2024
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page High
CVE-2024-30248 was published for piccolo-admin (pip) Apr 1, 2024
Skelmis
aliyundrive-webdav vulnerable to Command Injection High
CVE-2024-29640 was published for aliyundrive-webdav (pip) Mar 29, 2024
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method Moderate
CVE-2024-29888 was published for saleor (pip) Mar 28, 2024
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0
Gradio's CI vulnerable to Command Injection High
CVE-2024-1540 was published for gradio (pip) Mar 27, 2024 withdrawn
Lektor does not sanitize database path traversal High
CVE-2024-28335 was published for Lektor (pip) Mar 27, 2024
gradio Server-Side Request Forgery vulnerability High
CVE-2024-2206 was published for gradio (pip) Mar 27, 2024
Apache Airflow Improper Preservation of Permissions vulnerability Moderate
CVE-2024-29735 was published for apache-airflow (pip) Mar 26, 2024
LangChain's XMLOutputParser vulnerable to XML Entity Expansion Moderate
CVE-2024-1455 was published for langchain-core (pip) Mar 26, 2024
eyurtsev
ProTip! Advisories are also available from the GraphQL API