GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,804
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,007
Pub
10
RubyGems
830
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
Apache Superset uncontrolled resource consumption
Moderate
CVE-2024-23952
was published
for
apache-superset
(pip)
May 30, 2024
•
withdrawn
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects
High
GHSA-cg34-w3fm-82h3
was published
for
scrapy
(pip)
May 20, 2024
•
withdrawn
Withdrawn Advisory: Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
High
CVE-2024-4642
was published
for
wandb
(pip)
May 16, 2024
•
withdrawn
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service
High
GHSA-62qf-jcq8-8gxw
was published
for
sqlparse
(pip)
Apr 30, 2024
•
withdrawn
Duplicate Advisory: Scrapy decompression bomb vulnerability
High
GHSA-rmqv-7v3j-mr7p
was published
for
scrapy
(pip)
Apr 16, 2024
•
withdrawn
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect
High
GHSA-4q82-j5c2-g2c5
was published
for
scrapy
(pip)
Apr 16, 2024
•
withdrawn
Gradio's CI vulnerable to Command Injection
High
CVE-2024-1540
was published
for
gradio
(pip)
Mar 27, 2024
•
withdrawn
Duplicate Advisory: Cross-Site Request Forgery in Gradio
Moderate
GHSA-3x9g-xfj5-fq84
was published
for
gradio
(pip)
Mar 21, 2024
•
withdrawn
Duplicate Advisory: ReDos vulnerability of XMLFeedSpider
High
GHSA-7c9g-vj9m-8pm6
was published
for
scrapy
(pip)
Feb 28, 2024
•
withdrawn
Duplicate Advisory: FastAPI Content-Type Header ReDoS
High
GHSA-qf9m-vfgh-m389
was published
for
fastapi
(pip)
Feb 5, 2024
•
withdrawn
Duplicate Advisory: Starlette Content-Type Header ReDoS
High
GHSA-93gm-qmq6-w238
was published
for
starlette
(pip)
Feb 5, 2024
•
withdrawn
Duplicate Advisory: Apache Superset - Elevation of Privilege
Moderate
GHSA-392c-vjfv-h7wr
was published
for
apache-superset
(pip)
Nov 27, 2023
•
withdrawn
Duplicate Advisory: Keylime's registrar vulnerable to Denial-of-service attack via a single open connection
High
GHSA-9gjg-834p-5gvv
was published
for
keylime
(pip)
Jul 24, 2023
•
withdrawn
Withdrawn: Use after free in SciPy
Critical
CVE-2023-29824
was published
for
scipy
(pip)
Jul 6, 2023
•
withdrawn
Withdrawn: scipy memory leak vulnerability
Moderate
CVE-2023-25399
was published
for
scipy
(pip)
Jul 5, 2023
•
withdrawn
Duplicate Advisory: Starlette vulnerable to directory traversal
High
GHSA-qj8w-rv5x-2v9h
was published
for
starlette
(pip)
Jun 1, 2023
•
withdrawn
Withdrawn: safeurl-python contains Server-Side Request Forgery
Moderate
GHSA-rw83-v3pw-m362
was published
for
safeurl-python
(pip)
Jan 30, 2023
•
withdrawn
Duplicate Advisory: Improper Restriction of XML External Entity Reference in pikepdf
Critical
CVE-2021-46849
was published
for
pikepdf
(pip)
Oct 24, 2022
•
withdrawn
Withdrawn: Denial of Service in aiohttp
Moderate
CVE-2022-33124
was published
for
aiohttp
(pip)
Jun 24, 2022
•
withdrawn
StackStorm st2 Infinite Loop Condition
High
CVE-2021-28667
was published
for
st2client
(pip)
May 24, 2022
•
withdrawn
Duplicate Advisory: Unauthorized privilege escalation in Mod module
High
GHSA-q886-75m2-vff8
was published
for
red-discordbot
(pip)
May 24, 2022
•
withdrawn
OpenStack Neutron allows remote authenticated users to cause a denial of service
Moderate
CVE-2014-3555
was published
for
neutron
(pip)
May 17, 2022
•
withdrawn
Withdrawn Advisory: OnionShare Predictable Pathname
High
CVE-2018-19960
was published
for
onionshare-cli
(pip)
May 14, 2022
•
withdrawn
Withdrawn Advisory: Pulp Improper Path Parsing
Moderate
CVE-2018-10917
was published
for
pulpcore
(pip)
May 13, 2022
•
withdrawn
Duplicate Advisory: Incorrect Authorization in Gerapy
Critical
CVE-2021-44597
was published
for
gerapy
(pip)
Mar 11, 2022
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API