Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,474
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,845
NuGet
696
pip
3,635
Pub
12
RubyGems
911
Rust
912
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,884 advisories

Loading
Open WebUI has SSRF in /openai/models High
CVE-2024-7959 was published for open-webui (pip) Mar 20, 2025
Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read Moderate
CVE-2024-7045 was published for open-webui (pip) Mar 20, 2025
Open WebUI Allows Viewing of Admin Details Moderate
CVE-2024-7046 was published for open-webui (pip) Mar 20, 2025
Open WebUI Vulnerable to a Session Fixation Attack High
CVE-2024-7053 was published for open-webui (pip) Mar 20, 2025
PyTorch Lightning path traversal vulnerability Critical
CVE-2024-8019 was published for pytorch-lightning (pip) Mar 20, 2025
Open Neural Network Exchange (ONNX) Path Traversal Vulnerability High
CVE-2024-7776 was published for onnx (pip) Mar 20, 2025
Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability High
CVE-2024-7806 was published for open-webui (pip) Mar 20, 2025
PyTorch deserialization vulnerability Critical
CVE-2024-7804 was published for torch (pip) Mar 20, 2025
TorchServe script references S3 bucket without ensuring ownership or confirming accessibility Moderate
CVE-2024-6577 was published for torchserve (pip) Mar 20, 2025
Flask-CORS improper regex path matching vulnerability Moderate
CVE-2024-6839 was published for flask-cors (pip) Mar 20, 2025
Aim External Control of File Name or Path vulnerability Critical
CVE-2024-6829 was published for aim (pip) Mar 20, 2025
LoLLMS Code Injection vulnerability High
CVE-2024-6982 was published for lollms (pip) Mar 20, 2025
MLflow Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-6838 was published for mlflow (pip) Mar 20, 2025
Flask-CORS allows for inconsistent CORS matching Moderate
CVE-2024-6844 was published for flask-cors (pip) Mar 20, 2025
Open WebUI Allows Admin Deletion via API Endpoint High
CVE-2024-7039 was published for open-webui (pip) Mar 20, 2025
Open WebUI Allows Arbitrary File Reading and Deletion High
CVE-2024-7043 was published for open-webui (pip) Mar 20, 2025
H2O Vulnerable to Arbitrary File Overwrite via File Export High
CVE-2024-6854 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
LiteLLM Vulnerable to Remote Code Execution (RCE) High
CVE-2024-6825 was published for litellm (pip) Mar 20, 2025
Gunicorn HTTP Request/Response Smuggling vulnerability High
CVE-2024-6827 was published for gunicorn (pip) Mar 20, 2025
Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload Moderate
CVE-2024-7044 was published for open-webui (pip) Mar 20, 2025
Aim Path Traversal vulnerability High
CVE-2024-6851 was published for aim (pip) Mar 20, 2025
H2O Vulnerable to Execution of Arbitrary Files Moderate
CVE-2024-6863 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Flask-CORS vulnerable to Improper Handling of Case Sensitivity Moderate
CVE-2024-6866 was published for flask-cors (pip) Mar 20, 2025
Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint Moderate
CVE-2024-7033 was published for open-webui (pip) Mar 20, 2025
Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint Moderate
CVE-2024-7034 was published for open-webui (pip) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database