GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,075 advisories
Filter by severity
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Low
CVE-2024-32882
was published
for
wagtail
(pip)
May 1, 2024
nautobot has reflected Cross-site Scripting potential in all object list views
High
CVE-2024-32979
was published
for
nautobot
(pip)
May 1, 2024
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service
High
GHSA-62qf-jcq8-8gxw
was published
for
sqlparse
(pip)
Apr 30, 2024
•
withdrawn
dcnnt-py is vulnerable to command injection via Notification Handler
Moderate
CVE-2023-1000
was published
for
dcnnt
(pip)
Apr 27, 2024
python-jose algorithm confusion with OpenSSH ECDSA keys
High
CVE-2024-33663
was published
for
python-jose
(pip)
Apr 26, 2024
python-jose denial of service via compressed JWE content
Moderate
CVE-2024-33664
was published
for
python-jose
(pip)
Apr 26, 2024
vyper's range(start, start + N) reverts for negative numbers
Moderate
CVE-2024-32481
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs incorrect topic logging in raw_log
Moderate
CVE-2024-32645
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs double eval of the slice start/length args in certain cases
Moderate
CVE-2024-32646
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs double eval of raw_args in create_from_blueprint
Moderate
CVE-2024-32647
was published
for
vyper
(pip)
Apr 25, 2024
vyper default functions don't respect nonreentrancy keys
Moderate
CVE-2024-32648
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs multiple eval of `sqrt()` argument built in
Moderate
CVE-2024-32649
was published
for
vyper
(pip)
Apr 25, 2024
pyLoad allows upload to arbitrary folder lead to RCE
Critical
CVE-2024-32880
was published
for
pyload-ng
(pip)
Apr 24, 2024
social-auth-app-django affected by Improper Handling of Case Sensitivity
Moderate
CVE-2024-32879
was published
for
social-auth-app-django
(pip)
Apr 24, 2024
Synapse V2 state resolution weakness allows Denial of Service (DoS)
Moderate
CVE-2024-31208
was published
for
matrix-synapse
(pip)
Apr 23, 2024
cg vulnerable to an Open Redirect Vulnerability on Referer Header
Moderate
GHSA-w228-rfpx-fhm4
was published
for
cg
(pip)
Apr 23, 2024
dbt uses a SQLparse version with a high vulnerability
High
GHSA-p72q-h37j-3hq7
was published
for
dbt-core
(pip)
Apr 22, 2024
OpenStack Storlets arbitrary code execution vulnerability
High
CVE-2024-28717
was published
for
storlets
(pip)
Apr 22, 2024
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Moderate
CVE-2024-29733
was published
for
apache-airflow-providers-ftp
(pip)
Apr 21, 2024
flask-cors vulnerable to log injection when the log level is set to debug
Moderate
CVE-2024-1681
was published
for
flask-cors
(pip)
Apr 19, 2024
Sentry vulnerable to leaking superuser cleartext password in logs
High
CVE-2024-32474
was published
for
sentry
(pip)
Apr 18, 2024
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
Moderate
CVE-2024-27306
was published
for
aiohttp
(pip)
Apr 18, 2024
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Moderate
CVE-2024-31869
was published
for
apache-airflow
(pip)
Apr 18, 2024
Cross-site Scripting (XSS) in mindsdb/mindsdb
Moderate
CVE-2024-3575
was published
for
mindsdb
(pip)
Apr 16, 2024
Duplicate Advisory: Scrapy decompression bomb vulnerability
High
GHSA-rmqv-7v3j-mr7p
was published
for
scrapy
(pip)
Apr 16, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API