GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,987
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,401 advisories
Filter by severity
jupyter-scheduler's endpoint is missing authentication
Moderate
CVE-2024-28188
was published
for
jupyter-scheduler
(pip)
May 23, 2024
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
Moderate
CVE-2024-1727
was published
for
gradio
(pip)
May 21, 2024
OMERO.web must check that the JSONP callback is a valid function
Moderate
CVE-2024-35180
was published
for
omero-web
(pip)
May 21, 2024
Requests `Session` object does not verify requests after making first request with verify=False
Moderate
CVE-2024-35195
was published
for
requests
(pip)
May 20, 2024
aiosmtpd STARTTLS unencrypted commands injection
Moderate
CVE-2024-34083
was published
for
aiosmtpd
(pip)
May 20, 2024
MLflow allows low privilege users to delete any artifact
Moderate
CVE-2024-4263
was published
for
mlflow
(pip)
May 16, 2024
Scrapy allows redirect following in protocols other than HTTP
Moderate
GHSA-23j4-mw76-5v7h
was published
for
Scrapy
(pip)
May 14, 2024
Scrapy's redirects ignoring scheme-specific proxy settings
Moderate
GHSA-jm3v-qxmh-hxwv
was published
for
Scrapy
(pip)
May 14, 2024
Scrapy leaks the authorization header on same-domain but cross-origin redirects
Moderate
CVE-2024-1968
was published
for
Scrapy
(pip)
May 14, 2024
Apache Superset Incorrect Authorization vulnerability
Moderate
CVE-2024-28148
was published
for
apache-superset
(pip)
May 7, 2024
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
Moderate
CVE-2024-34064
was published
for
Jinja2
(pip)
May 6, 2024
WordOps has TOCTOU race condition
Moderate
CVE-2024-34528
was published
for
wordops
(pip)
May 6, 2024
Nebari prints temporary Keycloak root password
Moderate
CVE-2024-34529
was published
for
nebari
(pip)
May 6, 2024
Gradio's Component Server does not properly consider` _is_server_fn` for functions
Moderate
CVE-2024-34511
was published
for
gradio
(pip)
May 5, 2024
changedetection.io Cross-site Scripting vulnerability
Moderate
CVE-2024-34061
was published
for
changedetection.io
(pip)
May 3, 2024
dcnnt-py is vulnerable to command injection via Notification Handler
Moderate
CVE-2023-1000
was published
for
dcnnt
(pip)
Apr 27, 2024
python-jose denial of service via compressed JWE content
Moderate
CVE-2024-33664
was published
for
python-jose
(pip)
Apr 26, 2024
vyper's range(start, start + N) reverts for negative numbers
Moderate
CVE-2024-32481
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs incorrect topic logging in raw_log
Moderate
CVE-2024-32645
was published
for
vyper
(pip)
Apr 25, 2024
ProTip!
Advisories are also available from the
GraphQL API