GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,415 advisories
Missing ratelimit on password resets in zenml
Moderate • CVE-2024-4311 was published for zenml (pip) • Nov 14, 2024
Salt preflight script could be attacker controlled
Moderate • CVE-2023-34049 was published for salt (pip) • Nov 14, 2024
Ansible-Core vulnerable to content protections bypass
Low • CVE-2024-11079 was published for ansible-core (pip) • Nov 12, 2024
wasm3 uncontrolled memory allocation vulnerability
Moderate • CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) • Nov 9, 2024
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
Low • CVE-2024-50378 was published for apache-airflow (pip) • Nov 8, 2024
changedetection.io path traversal using file URI scheme without supplying hostname
High • CVE-2024-51998 was published for changedetection.io (pip) • Nov 7, 2024
Gradio vulnerable to arbitrary file read with File and UploadButton components
Moderate • CVE-2024-51751 was published for gradio (pip) • Nov 6, 2024
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Critical • CVE-2024-10082 was published for codechecker (pip) • Nov 6, 2024
codechecker vulnerable to authentication bypass when using specifically crafted URLs
Critical • CVE-2024-10081 was published for codechecker (pip) • Nov 6, 2024
ansible-core Incorrect Authorization vulnerability
Moderate • CVE-2024-9902 was published for ansible-core (pip) • Nov 6, 2024
OctoPrint has API key access in settings without reauthentication
Moderate • CVE-2024-51493 was published for OctoPrint (pip) • Nov 5, 2024
OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
Moderate • CVE-2024-49377 was published for OctoPrint (pip) • Nov 5, 2024
Langflow vulnerable to remote code execution
Moderate • CVE-2024-48061 was published for langflow (pip) • Nov 5, 2024
gradio Server Side Request Forgery vulnerability
Moderate • CVE-2024-48052 was published for gradio (pip) • Nov 5, 2024
Access control vulnerable to user data deletion by anonymous users
Moderate • CVE-2024-51734 was published for AccessControl (pip) • Nov 4, 2024
changedetection.io Path Traversal
Moderate • CVE-2024-51483 was published for changedetection.io (pip) • Nov 1, 2024
langflow has vulnerability in PythonCodeTool component
High • CVE-2024-42835 was published for langflow (pip) • Oct 31, 2024
Langchain SQL Injection vulnerability
Low • CVE-2024-8309 was published for langchain (pip) • Oct 29, 2024
Lollms vulnerable to Cross-site Scripting
Moderate • CVE-2024-6581 was published for lollms (pip) • Oct 29, 2024
Waitress has request processing race condition in HTTP pipelining with invalid first request
Critical • CVE-2024-49768 was published for waitress (pip) • Oct 29, 2024
Waitress vulnerable to DoS leading to high CPU usage/resource exhaustion
High • CVE-2024-49769 was published for waitress (pip) • Oct 29, 2024
Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape
High • GHSA-25pw-q952-x37g was published for pyload-ng (pip) • Oct 28, 2024 • withdrawn
MPXJ has a Potential Path Traversal Vulnerability
Moderate • CVE-2024-49771 was published for MPXJ.Net (RubyGems) • Oct 28, 2024
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
High • CVE-2024-47821 was published for pyload-ng (pip) • Oct 28, 2024
ProTip! Advisories are also available from the GraphQL API