GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,674 advisories

pyLoad allows upload to arbitrary folder lead to RCE Critical
CVE-2024-32880 was published for pyload-ng (pip) Apr 24, 2024
zhcy2018
social-auth-app-django affected by Improper Handling of Case Sensitivity Moderate
CVE-2024-32879 was published for social-auth-app-django (pip) Apr 24, 2024
bradenmacdonald nijel
Synapse V2 state resolution weakness allows Denial of Service (DoS) Moderate
CVE-2024-31208 was published for matrix-synapse (pip) Apr 23, 2024
cg vulnerable to an Open Redirect Vulnerability on Referer Header Moderate
GHSA-w228-rfpx-fhm4 was published for cg (pip) Apr 23, 2024
aydinnyunus
dbt uses a SQLparse version with a high vulnerability High
GHSA-p72q-h37j-3hq7 was published for dbt-core (pip) Apr 22, 2024
DanMawdsleyBA
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider Moderate
CVE-2024-29733 was published for apache-airflow-providers-ftp (pip) Apr 21, 2024
ericwb
Sentry vulnerable to leaking superuser cleartext password in logs High
CVE-2024-32474 was published for sentry (pip) Apr 18, 2024
lluuaapp
aiohttp Cross-site Scripting vulnerability on index pages for static file handling Moderate
CVE-2024-27306 was published for aiohttp (pip) Apr 18, 2024
arkark
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Moderate
CVE-2024-31869 was published for apache-airflow (pip) Apr 18, 2024
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect High
GHSA-4q82-j5c2-g2c5 was published for scrapy (pip) Apr 16, 2024 withdrawn
Duplicate Advisory: Scrapy decompression bomb vulnerability High
GHSA-rmqv-7v3j-mr7p was published for scrapy (pip) Apr 16, 2024 withdrawn
mlflow vulnerable to Path Traversal Critical
CVE-2024-3573 was published for mlflow (pip) Apr 16, 2024
llama-index-core Command Injection vulnerability Critical
CVE-2024-3271 was published for llama-index-core (pip) Apr 16, 2024
langchain vulnerable to path traversal Moderate
CVE-2024-3571 was published for langchain (pip) Apr 16, 2024
Cross-site Scripting (XSS) in mindsdb/mindsdb Moderate
CVE-2024-3575 was published for mindsdb (pip) Apr 16, 2024
gradio vulnerable to Path Traversal High
CVE-2024-1561 was published for gradio (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1560 was published for mlflow (pip) Apr 16, 2024
Insecure deserialization in BentoML Critical
CVE-2024-2912 was published for bentoml (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1593 was published for mlflow (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal High
CVE-2024-1594 was published for mlflow (pip) Apr 16, 2024
Directory traversal in zenml Critical
CVE-2024-2083 was published for zenml (pip) Apr 16, 2024
zenml Session Fixation vulnerability Moderate
CVE-2024-2260 was published for zenml (pip) Apr 16, 2024
Request smuggling leading to endpoint restriction bypass in Gunicorn High
CVE-2024-1135 was published for gunicorn (pip) Apr 16, 2024
gradio Server-Side Request Forgery vulnerability Moderate
CVE-2024-1183 was published for gradio (pip) Apr 16, 2024
mlflow Path Traversal vulnerability High
CVE-2024-1483 was published for mlflow (pip) Apr 16, 2024