Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,948
Erlang
29
GitHub Actions
16
Go
1,739
Maven
4,967
npm
3,504
NuGet
607
pip
3,064
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,431 advisories

urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects Moderate
CVE-2024-37891 was published for urllib3 (pip) Jun 17, 2024
pquentin illia-v
langchain_experimental Code Execution via Python REPL access Moderate
CVE-2024-38459 was published for langchain-experimental (pip) Jun 16, 2024
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components Moderate
GHSA-hjx6-f647-mvf9 was published for invenio-communities (pip) Jun 12, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
Tornado has a CRLF injection in CurlAsyncHTTPClient headers Moderate
GHSA-w235-7p84-xx57 was published for tornado (pip) Jun 6, 2024
sha0sum mschwager
ahpaleus
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado Moderate
GHSA-753j-mpmx-qq6g was published for tornado (pip) Jun 6, 2024
Arbitrary system path lookup in h20 Moderate
CVE-2024-5550 was published for h2o (pip) Jun 6, 2024
SQL injection in litellm Moderate
CVE-2024-4890 was published for litellm (pip) Jun 6, 2024
Arbitrary file deletion in litellm Moderate
CVE-2024-4888 was published for litellm (pip) Jun 6, 2024
SQL injection in litellm Moderate
CVE-2024-5225 was published for litellm (pip) Jun 6, 2024
scikit-learn sensitive data leakage vulnerability Moderate
CVE-2024-5206 was published for scikit-learn (pip) Jun 6, 2024
Denial of service in langchain-community Moderate
CVE-2024-2965 was published for langchain-community (pip) Jun 6, 2024
eyurtsev efriis
Server-Side Request Forgery in langchain Moderate
CVE-2024-3095 was published for langchain (pip) Jun 6, 2024
Improper authorization in zenml Moderate
CVE-2024-2035 was published for zenml (pip) Jun 6, 2024
Undefined Behavior in mlflow Moderate
CVE-2024-3099 was published for mlflow (pip) Jun 6, 2024
Clickjacking in zenml Moderate
CVE-2024-2383 was published for zenml (pip) Jun 6, 2024
PyMongo Out-of-bounds Read in the bson module Moderate
CVE-2024-5629 was published for pymongo (pip) Jun 5, 2024
path traversal vulnerability was identified in the parisneo/lollms-webui Moderate
CVE-2024-4330 was published for lollms (pip) Jun 2, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository Moderate
CVE-2024-3924 was published for text-generation (pip) Jun 2, 2024
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings` Moderate
CVE-2024-35228 was published for wagtail (pip) Jun 2, 2024
engineervix gasman
RealOrangeOne
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints Moderate
CVE-2024-35189 was published for ethyca-fides (pip) Jun 2, 2024
adamsachs
Apache Superset uncontrolled resource consumption Moderate
CVE-2024-23952 was published for apache-superset (pip) May 30, 2024 withdrawn
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects Moderate
CVE-2024-36112 was published for nautobot (pip) May 29, 2024
rockhopper Buffer Overflow vulnerability Moderate
CVE-2022-4969 was published for rockhopper (pip) May 28, 2024
dbt allows Binding to an Unrestricted IP Address via socketsocket Moderate
CVE-2024-36105 was published for dbt-core (pip) May 28, 2024
ericwb
ProTip! Advisories are also available from the GraphQL API