
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,439 advisories

Duplicate Advisory: Cross-Site Request Forgery in Gradio Moderate
GHSA-3x9g-xfj5-fq84 was published for gradio (pip) Mar 21, 2024 withdrawn
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Policies not properly enforced in bluemonday Moderate
CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) Oct 19, 2021
Scrapy leaks the authorization header on same-domain but cross-origin redirects Moderate
CVE-2024-1968 was published for Scrapy (pip) May 14, 2024
Szarny
aiosmtpd STARTTLS unencrypted commands injection Moderate
CVE-2024-34083 was published for aiosmtpd (pip) May 20, 2024
Arusekk
Denial-of-service possibility in logout() view by filling session store Moderate
CVE-2015-5964 was published for Django (pip) May 17, 2022
MarkLee131
Cross-site request forgery in Django Moderate
CVE-2011-0696 was published for django (pip) Jul 23, 2018
MarkLee131
Session manipulation in Django Moderate
CVE-2011-4136 was published for django (pip) Jul 23, 2018
MarkLee131
Django Denial of Service Vulnerability in the authentication framework Moderate
CVE-2013-1443 was published for django (pip) May 17, 2022
Code Injection in Django Moderate
CVE-2014-0472 was published for Django (pip) May 17, 2022
MarkLee131
Django Reuses Cached CSRF Token Moderate
CVE-2014-0473 was published for django (pip) May 17, 2022
MarkLee131
MLflow allows low privilege users to delete any artifact Moderate
CVE-2024-4263 was published for mlflow (pip) May 16, 2024
Django database denial-of-service with ModelMultipleChoiceField Moderate
CVE-2015-0222 was published for Django (pip) May 17, 2022
MarkLee131
OpenStack Glance Bypass the storage quota and Denial of service Moderate
CVE-2014-9623 was published for glance (pip) May 17, 2022
OpenStack Glance Denial of service by creating a large number of images Moderate
CVE-2014-9684 was published for glance (pip) May 17, 2022
OpenStack Glance Denial of service by creating a large number of images Moderate
CVE-2015-1881 was published for glance (pip) May 17, 2022
OpenStack Glance improper validation of the image_size_cap configuration option Moderate
CVE-2014-5356 was published for glance (pip) May 17, 2022
OpenStack Glance v2 API unrestricted path traversal through filesystem:// scheme Moderate
CVE-2015-1195 was published for glance (pip) May 14, 2022
OpenStack Swift Unauthorized delete of versioned Swift object Moderate
CVE-2015-1856 was published for swift (pip) May 14, 2022
OpenStack Swift metadata constraints are not correctly enforced Moderate
CVE-2014-7960 was published for swift (pip) May 17, 2022
OpenStack Swift allows authenticated users to cause a denial of service Moderate
CVE-2013-4155 was published for swift (pip) May 17, 2022
OpenStack Swift XML external entities (XXE) Injection Moderate
CVE-2022-47950 was published for swift (pip) Jan 18, 2023
OpenStack Horizon Cross-site Scripting (XSS) Moderate
CVE-2017-7400 was published for horizon (pip) May 14, 2022
OpenStack Nova Directory traversal vulnerability Moderate
CVE-2012-3360 was published for nova (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API