GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,995 advisories
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
High
CVE-2024-30248
was published
for
piccolo-admin
(pip)
Apr 1, 2024
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
High
CVE-2024-28233
was published
for
jupyterhub
(pip)
Mar 28, 2024
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
Moderate
CVE-2024-1455
was published
for
langchain-core
(pip)
Mar 26, 2024
Unauthenticated views may expose information to anonymous users
Low
CVE-2024-29199
was published
for
nautobot
(pip)
Mar 26, 2024
ansys-geometry-core OS Command Injection vulnerability
High
CVE-2024-29189
was published
for
ansys-geometry-core
(pip)
Mar 25, 2024
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
High
CVE-2024-29190
was published
for
mobsfscan
(pip)
Mar 22, 2024
ESPHome vulnerable to Authentication bypass via Cross site request forgery
High
CVE-2024-29019
was published
for
esphome
(pip)
Mar 21, 2024
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace
High
CVE-2024-29033
was published
for
oauthenticator
(pip)
Mar 20, 2024
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Moderate
CVE-2024-29032
was published
for
qiskit-ibm-runtime
(pip)
Mar 20, 2024
Dynamic Variable Evaluation in qiskit-ibm-runtime
Low
GHSA-cq96-9974-v8hm
was published
for
qiskit-ibm-runtime
(pip)
Mar 20, 2024
Jupyter Server Proxy's Websocket Proxying does not require authentication
Critical
CVE-2024-28179
was published
for
jupyter-server-proxy
(pip)
Mar 20, 2024
ProTip!
Advisories are also available from the
GraphQL API