
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.

37 advisories (25 shown on this page)

Apache Superset uncontrolled resource consumption Moderate
CVE-2024-23952 was published for apache-superset (pip) May 30, 2024 withdrawn
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects High
GHSA-cg34-w3fm-82h3 was published for scrapy (pip) May 20, 2024 withdrawn
Withdrawn Advisory: Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-4642 was published for wandb (pip) May 16, 2024 withdrawn
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service High
GHSA-62qf-jcq8-8gxw was published for sqlparse (pip) Apr 30, 2024 withdrawn
Duplicate Advisory: Scrapy decompression bomb vulnerability High
GHSA-rmqv-7v3j-mr7p was published for scrapy (pip) Apr 16, 2024 withdrawn
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect High
GHSA-4q82-j5c2-g2c5 was published for scrapy (pip) Apr 16, 2024 withdrawn
Gradio's CI vulnerable to Command Injection High
CVE-2024-1540 was published for gradio (pip) Mar 27, 2024 withdrawn
Duplicate Advisory: Cross-Site Request Forgery in Gradio Moderate
GHSA-3x9g-xfj5-fq84 was published for gradio (pip) Mar 21, 2024 withdrawn
Duplicate Advisory: ReDos vulnerability of XMLFeedSpider High
GHSA-7c9g-vj9m-8pm6 was published for scrapy (pip) Feb 28, 2024 withdrawn
Duplicate Advisory: FastAPI Content-Type Header ReDoS High
GHSA-qf9m-vfgh-m389 was published for fastapi (pip) Feb 5, 2024 withdrawn
Duplicate Advisory: Starlette Content-Type Header ReDoS High
GHSA-93gm-qmq6-w238 was published for starlette (pip) Feb 5, 2024 withdrawn
Duplicate Advisory: Apache Superset - Elevation of Privilege Moderate
GHSA-392c-vjfv-h7wr was published for apache-superset (pip) Nov 27, 2023 withdrawn
Duplicate Advisory: Keylime's registrar vulnerable to Denial-of-service attack via a single open connection High
GHSA-9gjg-834p-5gvv was published for keylime (pip) Jul 24, 2023 withdrawn
Withdrawn: Use after free in SciPy Critical
CVE-2023-29824 was published for scipy (pip) Jul 6, 2023 withdrawn
Withdrawn: scipy memory leak vulnerability Moderate
CVE-2023-25399 was published for scipy (pip) Jul 5, 2023 withdrawn
Duplicate Advisory: Starlette vulnerable to directory traversal High
GHSA-qj8w-rv5x-2v9h was published for starlette (pip) Jun 1, 2023 withdrawn
Withdrawn: safeurl-python contains Server-Side Request Forgery Moderate
GHSA-rw83-v3pw-m362 was published for safeurl-python (pip) Jan 30, 2023 withdrawn
Duplicate Advisory: Improper Restriction of XML External Entity Reference in pikepdf Critical
CVE-2021-46849 was published for pikepdf (pip) Oct 24, 2022 withdrawn
Withdrawn: Denial of Service in aiohttp Moderate
CVE-2022-33124 was published for aiohttp (pip) Jun 24, 2022 withdrawn
StackStorm st2 Infinite Loop Condition High
CVE-2021-28667 was published for st2client (pip) May 24, 2022 withdrawn
Duplicate Advisory: Unauthorized privilege escalation in Mod module High
GHSA-q886-75m2-vff8 was published for red-discordbot (pip) May 24, 2022 withdrawn
OpenStack Neutron allows remote authenticated users to cause a denial of service Moderate
CVE-2014-3555 was published for neutron (pip) May 17, 2022 withdrawn
Withdrawn Advisory: OnionShare Predictable Pathname High
CVE-2018-19960 was published for onionshare-cli (pip) May 14, 2022 withdrawn
Withdrawn Advisory: Pulp Improper Path Parsing Moderate
CVE-2018-10917 was published for pulpcore (pip) May 13, 2022 withdrawn
Duplicate Advisory: Incorrect Authorization in Gerapy Critical
CVE-2021-44597 was published for gerapy (pip) Mar 11, 2022 withdrawn