Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,036
Erlang
29
GitHub Actions
18
Go
1,848
Maven
5,000+
npm
3,582
NuGet
636
pip
3,165
Pub
10
RubyGems
850
Rust
803
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,165 advisories

Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature) Moderate
CVE-2024-43396 was published for khoj (pip) Aug 20, 2024
calligraf0
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files High
CVE-2024-43399 was published for mobsf (pip) Aug 19, 2024
bulutenes
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow High
CVE-2024-42370 was published for litestar (pip) Aug 9, 2024 withdrawn
pwntester JacobCoffee
Aim Stored Cross-site Scripting Vulnerability Moderate
CVE-2024-6578 was published for aim (pip) Jul 29, 2024
Reflected Cross-Site Scripting (XSS) in zenml Moderate
CVE-2024-5062 was published for zenml (pip) Jun 30, 2024
ntlk unsafe deserialization vulnerability High
CVE-2024-39705 was published for nltk (pip) Jun 28, 2024
justinrosenthal ekaf
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default Moderate
CVE-2024-6221 was published for flask-cors (pip) Aug 18, 2024
OpaMiddleware does not filter HTTP OPTIONS requests Moderate
CVE-2024-40627 was published for fastapi-opa (pip) Jul 15, 2024
miceg
Improper Certificate Validation in apache airflow mongo hook Critical
CVE-2024-25141 was published for apache-airflow-providers-mongo (pip) Feb 20, 2024
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
WebOb's location header normalization during redirect leads to open redirect Moderate
CVE-2024-42353 was published for webob (pip) Aug 14, 2024
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack High
CVE-2023-48052 was published for httpie (pip) Nov 16, 2023
Path traveral in Streamlit on windows Moderate
CVE-2024-42474 was published for streamlit (pip) Aug 12, 2024
nvn1729
In aiohttp, compressed files as symlinks are not protected from path traversal Moderate
CVE-2024-42367 was published for aiohttp (pip) Aug 9, 2024
steverep
LibOSDP vulnerable to a null pointer deref in osdp_reply_name Moderate
GHSA-7945-5mcv-f2pp was published for libosdp (pip) Mar 8, 2024
e-ot
LibOSDP RMAC revert to the beginning of the session Moderate
GHSA-xhjw-7vh5-qxqm was published for libosdp (pip) Mar 8, 2024
e-ot
mlflow vulnerable to Path Traversal High
CVE-2024-1558 was published for mlflow (pip) Apr 16, 2024
mberges21
mlflow Path Traversal vulnerability High
CVE-2024-1483 was published for mlflow (pip) Apr 16, 2024
mberges21
Django Path Traversal vulnerability High
CVE-2024-39330 was published for Django (pip) Jul 10, 2024
python-jwt vulnerable to token forgery with new claims Critical
CVE-2022-39227 was published for python-jwt (pip) Sep 21, 2022
TomTervoort
Remote Code Execution due to Full Controled File Write in mlflow Critical
CVE-2023-6018 was published for mlflow (pip) Nov 16, 2023
marco27183 mberges21
JupyterHub has a privilege escalation vulnerability with the `admin:users` scope High
CVE-2024-41942 was published for jupyterhub (pip) Aug 8, 2024
oliver-sanders
Open WebUI Stored Cross-Site Scripting Vulnerability Moderate
CVE-2024-6706 was published for open-webui (pip) Aug 8, 2024
Django vulnerable to denial-of-service attack Moderate
CVE-2024-41991 was published for Django (pip) Aug 7, 2024
Twisted vulnerable to HTML injection in HTTP redirect body Moderate
CVE-2024-41810 was published for twisted (pip) Jul 29, 2024
v1ktor0t twm
ProTip! Advisories are also available from the GraphQL API