GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,876 advisories

Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service Critical
CVE-2024-32874 was published for frigate (pip) May 9, 2024
Sim4n6
Apache Superset Incorrect Authorization vulnerability Moderate
CVE-2024-28148 was published for apache-superset (pip) May 7, 2024
Arbitrary HTML present after sanitization because of unicode normalization High
CVE-2024-34078 was published for html-sanitizer (pip) May 6, 2024
yzueger
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate
CVE-2024-34064 was published for Jinja2 (pip) May 6, 2024
Ry0taK
Litestar and Starlite vulnerable to Path Traversal High
CVE-2024-32982 was published for litestar (pip) May 6, 2024
brian-edgar-re
WordOps has TOCTOU race condition Moderate
CVE-2024-34528 was published for wordops (pip) May 6, 2024
Nebari prints temporary Keycloak root password Moderate
CVE-2024-34529 was published for nebari (pip) May 6, 2024
Gradio's Component Server does not properly consider `_is_server_fn` for functions Moderate
CVE-2024-34511 was published for gradio (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34483 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34488 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34487 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34486 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34484 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34489 was published for ryu (pip) May 5, 2024
sagemaker-python-sdk Command Injection vulnerability High
CVE-2024-34073 was published for sagemaker (pip) May 3, 2024
Kasimir123
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data High
CVE-2024-34072 was published for sagemaker (pip) May 3, 2024
Kasimir123
tqdm CLI arguments injection attack Low
CVE-2024-34062 was published for tqdm (pip) May 3, 2024
changedetection.io Cross-site Scripting vulnerability Moderate
CVE-2024-34061 was published for changedetection.io (pip) May 3, 2024
Nguyen-Trung-Kien
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests High
CVE-2024-30251 was published for aiohttp (pip) May 3, 2024
bytehope
pgAdmin is affected by a multi-factor authentication bypass vulnerability High
CVE-2024-4215 was published for pgadmin4 (pip) May 2, 2024
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload High
CVE-2024-4216 was published for pgAdmin4 (pip) May 2, 2024
nautobot has reflected Cross-site Scripting potential in all object list views High
CVE-2024-32979 was published for nautobot (pip) May 1, 2024
michaelpanorios
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service High
GHSA-62qf-jcq8-8gxw was published for sqlparse (pip) Apr 30, 2024 withdrawn