GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,713
NuGet
661
pip
3,386
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,386 advisories
Filter by severity
Langflow vulnerable to remote code execution
Moderate
CVE-2024-48061
was published
for
langflow
(pip)
Nov 5, 2024
gradio Server Side Request Forgery vulnerability
Moderate
CVE-2024-48052
was published
for
gradio
(pip)
Nov 5, 2024
OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
Moderate
CVE-2024-49377
was published
for
OctoPrint
(pip)
Nov 5, 2024
OctoPrint has API key access in settings without reauthentication
Moderate
CVE-2024-51493
was published
for
OctoPrint
(pip)
Nov 5, 2024
ansible-core Incorrect Authorization vulnerability
Moderate
CVE-2024-9902
was published
for
ansible-core
(pip)
Nov 6, 2024
codechecker vulnerable to authentication bypass when using specifically crafted URLs
Critical
CVE-2024-10081
was published
for
codechecker
(pip)
Nov 6, 2024
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Critical
CVE-2024-10082
was published
for
codechecker
(pip)
Nov 6, 2024
Gradio vulnerable to arbitrary file read with File and UploadButton components
Moderate
CVE-2024-51751
was published
for
gradio
(pip)
Nov 6, 2024
changedetection.io path traversal using file URI scheme without supplying hostname
High
CVE-2024-51998
was published
for
changedetection.io
(pip)
Nov 7, 2024
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
Low
CVE-2024-50378
was published
for
apache-airflow
(pip)
Nov 8, 2024
wasm3 uncontrolled memory allocation vulnerability
Moderate
CVE-2024-27529
was published
for
github.com/shareup/wasm-interpreter-apple
(pip)
Nov 9, 2024
Ansible-Core vulnerable to content protections bypass
Low
CVE-2024-11079
was published
for
ansible-core
(pip)
Nov 12, 2024
Salt preflight script could be attacker controlled
Moderate
CVE-2023-34049
was published
for
salt
(pip)
Nov 14, 2024
Missing ratelimit on passwrod resets in zenml
Moderate
CVE-2024-4311
was published
for
zenml
(pip)
Nov 14, 2024
ReDoS in giskard's transformation.py (GHSL-2024-324)
Moderate
CVE-2024-52524
was published
for
giskard
(pip)
Nov 14, 2024
Apache Airflow: Sensitive configuration values are not masked in the logs by default
High
CVE-2024-45784
was published
for
airflow
(pip)
Nov 15, 2024
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
Moderate
CVE-2021-3986
was published
for
calibreweb
(pip)
Nov 15, 2024
Improper Access Control in janeczku/calibre-web
Moderate
CVE-2021-3987
was published
for
calibreweb
(pip)
Nov 15, 2024
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web
Moderate
CVE-2021-3988
was published
for
calibreweb
(pip)
Nov 15, 2024
OpenStack improperly deletes access rules
Moderate
CVE-2023-6110
was published
for
python-openstackclient
(pip)
Nov 17, 2024
django CMS Cross-Site Scripting (XSS)
Moderate
CVE-2024-11319
was published
for
django-cms
(pip)
Nov 18, 2024
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Critical
CVE-2024-47533
was published
for
cobbler
(pip)
Nov 18, 2024
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
Moderate
CVE-2024-52303
was published
for
aiohttp
(pip)
Nov 18, 2024
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
Moderate
CVE-2024-52304
was published
for
aiohttp
(pip)
Nov 18, 2024
ProTip!
Advisories are also available from the
GraphQL API