Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,995 advisories

python-jose algorithm confusion with OpenSSH ECDSA keys High
CVE-2024-33663 was published for python-jose (pip) Apr 26, 2024
vyper's range(start, start + N) reverts for negative numbers Moderate
CVE-2024-32481 was published for vyper (pip) Apr 25, 2024
trocher
vyper performs incorrect topic logging in raw_log Moderate
CVE-2024-32645 was published for vyper (pip) Apr 25, 2024
chen-robert
vyper performs double eval of the slice args when buffer from adhoc locations Moderate
CVE-2024-32646 was published for vyper (pip) Apr 25, 2024
cyberthirst
vyper performs double eval of raw_args in create_from_blueprint Moderate
CVE-2024-32647 was published for vyper (pip) Apr 25, 2024
vyper default functions don't respect nonreentrancy keys Moderate
CVE-2024-32648 was published for vyper (pip) Apr 25, 2024
vyper performs double eval of the argument of sqrt Moderate
CVE-2024-32649 was published for vyper (pip) Apr 25, 2024
cyberthirst
pyLoad allows upload to arbitrary folder lead to RCE Critical
CVE-2024-32880 was published for pyload-ng (pip) Apr 24, 2024
zhcy2018
social-auth-app-django affected by Improper Handling of Case Sensitivity Moderate
CVE-2024-32879 was published for social-auth-app-django (pip) Apr 24, 2024
bradenmacdonald nijel
Synapse V2 state resolution weakness allows Denial of Service (DoS) Moderate
CVE-2024-31208 was published for matrix-synapse (pip) Apr 23, 2024
alexeyshch
cg vulnerable to an Open Redirect Vulnerability on Referer Header Moderate
GHSA-w228-rfpx-fhm4 was published for cg (pip) Apr 23, 2024
aydinnyunus
dbt uses a SQLparse version with a high vulnerability High
GHSA-p72q-h37j-3hq7 was published for dbt-core (pip) Apr 22, 2024
DanMawdsleyBA
OpenStack Storlets arbitrary code execution vulnerability High
CVE-2024-28717 was published for storlets (pip) Apr 22, 2024
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider Moderate
CVE-2024-29733 was published for apache-airflow-providers-ftp (pip) Apr 21, 2024
ericwb
flask-cors vulnerable to log injection when the log level is set to debug Moderate
CVE-2024-1681 was published for flask-cors (pip) Apr 19, 2024
bayandin
Sentry vulnerable to leaking superuser cleartext password in logs High
CVE-2024-32474 was published for sentry (pip) Apr 18, 2024
lluuaapp
aiohttp Cross-site Scripting vulnerability on index pages for static file handling Moderate
CVE-2024-27306 was published for aiohttp (pip) Apr 18, 2024
arkark
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Moderate
CVE-2024-31869 was published for apache-airflow (pip) Apr 18, 2024
langchain vulnerable to path traversal Moderate
CVE-2024-3571 was published for langchain (pip) Apr 16, 2024
Cross-site Scripting (XSS) in mindsdb/mindsdb Moderate
CVE-2024-3575 was published for mindsdb (pip) Apr 16, 2024
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect High
GHSA-4q82-j5c2-g2c5 was published for scrapy (pip) Apr 16, 2024 withdrawn
Duplicate Advisory: Scrapy decompression bomb vulnerability High
GHSA-rmqv-7v3j-mr7p was published for scrapy (pip) Apr 16, 2024 withdrawn
llama-index-core Command Injection vulnerability Critical
CVE-2024-3271 was published for llama-index-core (pip) Apr 16, 2024
mlflow vulnerable to Path Traversal Critical
CVE-2024-3573 was published for mlflow (pip) Apr 16, 2024
gradio vulnerable to Path Traversal High
CVE-2024-1561 was published for gradio (pip) Apr 16, 2024
ProTip! Advisories are also available from the GraphQL API