GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Reviewed advisories by ecosystem:

| Ecosystem | Reviewed advisories |
|---|---|
| All reviewed | 5,000+ |
| Composer | 3,683 |
| Erlang | 29 |
| GitHub Actions | 16 |
| Go | 1,708 |
| Maven | 4,944 |
| npm | 3,473 |
| NuGet | 603 |
| pip | 2,995 |
| Pub | 10 |
| RubyGems | 826 |
| Rust | 773 |
| Swift | 34 |
| All unreviewed | 5,000+ |

Showing 2,995 reviewed advisories for pip (most recent first):
| Advisory | Severity | Identifier | Package (ecosystem) | Published | Status |
|---|---|---|---|---|---|
| python-jose algorithm confusion with OpenSSH ECDSA keys | High | CVE-2024-33663 | python-jose (pip) | Apr 26, 2024 | |
| vyper's range(start, start + N) reverts for negative numbers | Moderate | CVE-2024-32481 | vyper (pip) | Apr 25, 2024 | |
| vyper performs incorrect topic logging in raw_log | Moderate | CVE-2024-32645 | vyper (pip) | Apr 25, 2024 | |
| vyper performs double eval of the slice args when buffer from adhoc locations | Moderate | CVE-2024-32646 | vyper (pip) | Apr 25, 2024 | |
| vyper performs double eval of raw_args in create_from_blueprint | Moderate | CVE-2024-32647 | vyper (pip) | Apr 25, 2024 | |
| vyper default functions don't respect nonreentrancy keys | Moderate | CVE-2024-32648 | vyper (pip) | Apr 25, 2024 | |
| vyper performs double eval of the argument of sqrt | Moderate | CVE-2024-32649 | vyper (pip) | Apr 25, 2024 | |
| pyLoad allows upload to arbitrary folder lead to RCE | Critical | CVE-2024-32880 | pyload-ng (pip) | Apr 24, 2024 | |
| social-auth-app-django affected by Improper Handling of Case Sensitivity | Moderate | CVE-2024-32879 | social-auth-app-django (pip) | Apr 24, 2024 | |
| Synapse V2 state resolution weakness allows Denial of Service (DoS) | Moderate | CVE-2024-31208 | matrix-synapse (pip) | Apr 23, 2024 | |
| cg vulnerable to an Open Redirect Vulnerability on Referer Header | Moderate | GHSA-w228-rfpx-fhm4 | cg (pip) | Apr 23, 2024 | |
| dbt uses a SQLparse version with a high vulnerability | High | GHSA-p72q-h37j-3hq7 | dbt-core (pip) | Apr 22, 2024 | |
| OpenStack Storlets arbitrary code execution vulnerability | High | CVE-2024-28717 | storlets (pip) | Apr 22, 2024 | |
| Improper Certificate Validation vulnerability in Apache Airflow FTP Provider | Moderate | CVE-2024-29733 | apache-airflow-providers-ftp (pip) | Apr 21, 2024 | |
| flask-cors vulnerable to log injection when the log level is set to debug | Moderate | CVE-2024-1681 | flask-cors (pip) | Apr 19, 2024 | |
| Sentry vulnerable to leaking superuser cleartext password in logs | High | CVE-2024-32474 | sentry (pip) | Apr 18, 2024 | |
| aiohttp Cross-site Scripting vulnerability on index pages for static file handling | Moderate | CVE-2024-27306 | aiohttp (pip) | Apr 18, 2024 | |
| Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used | Moderate | CVE-2024-31869 | apache-airflow (pip) | Apr 18, 2024 | |
| langchain vulnerable to path traversal | Moderate | CVE-2024-3571 | langchain (pip) | Apr 16, 2024 | |
| Cross-site Scripting (XSS) in mindsdb/mindsdb | Moderate | CVE-2024-3575 | mindsdb (pip) | Apr 16, 2024 | |
| Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect | High | GHSA-4q82-j5c2-g2c5 | scrapy (pip) | Apr 16, 2024 | withdrawn |
| Duplicate Advisory: Scrapy decompression bomb vulnerability | High | GHSA-rmqv-7v3j-mr7p | scrapy (pip) | Apr 16, 2024 | withdrawn |
| llama-index-core Command Injection vulnerability | Critical | CVE-2024-3271 | llama-index-core (pip) | Apr 16, 2024 | |
| mlflow vulnerable to Path Traversal | Critical | CVE-2024-3573 | mlflow (pip) | Apr 16, 2024 | |
Advisories are also available from the GraphQL API.