Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,364 advisories

Loading
OpenC3 stores passwords in clear text (`GHSL-2024-129`) Moderate
CVE-2024-47529 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`) High
CVE-2024-46977 was published for openc3 (RubyGems) Oct 2, 2024
p-
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`) Moderate
CVE-2024-43795 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP Moderate
GHSA-vx3h-qwqw-r2wq was published for inventree (pip) Oct 2, 2024
febin0x10 SchrodingersGat
RestrictedPython information leakage via `AttributeError.obj` and the `string` module High
CVE-2024-47532 was published for RestrictedPython (pip) Sep 30, 2024
Quasar0147 dronex7070
d-maurer dataflake icemac
Inefficient Regular Expression Complexity in langflow Moderate
CVE-2024-9277 was published for langflow (pip) Sep 27, 2024
m3t3kh4n
Gradio allows users to access arbitrary files Critical
GHSA-m842-4qm8-7gpq was published for gradio (pip) Sep 25, 2024
PinkDraconian
Heap-based Buffer Overflow in sqlite-vec High
CVE-2024-46488 was published for sqlite-vec (RubyGems) Sep 25, 2024
Cross-Site Request Forgery (CSRF) in strawberry-graphql Moderate
CVE-2024-47082 was published for strawberry-graphql (pip) Sep 25, 2024
DoctorJohn graingert
Speedy1991
OAuth2 client ID and secret exposed through the web browser High
CVE-2024-9014 was published for pgadmin4 (pip) Sep 23, 2024
m3t3kh4n
Prevent XSS from Confidant API call Moderate
CVE-2024-45793 was published for confidant (pip) Sep 20, 2024
whu-lyft meng-han
alejandroroiz achantavy heryxpc anshumanbh bstewart-lyft reindaelman
Reverb use after free vulnerability Moderate
CVE-2024-8375 was published for dm-reverb (pip) Sep 19, 2024
LangChain Experimental Eval Injection vulnerability Critical
CVE-2024-46946 was published for langchain-experimental (pip) Sep 19, 2024
Mesop has a local file Inclusion via static file serving functionality High
CVE-2024-45601 was published for mesop (pip) Sep 18, 2024
Letm3through
sqlitedict insecure deserialization vulnerability High
CVE-2024-35515 was published for sqlitedict (pip) Sep 18, 2024
Guardrails has an arbitrary code execution vulnerability High
CVE-2024-45858 was published for guardrails-ai (pip) Sep 18, 2024
Heap-based Buffer Overflow in MicroPython Moderate
CVE-2024-8946 was published for micropython-copy (pip) Sep 17, 2024
Use After Free in MicroPython Moderate
CVE-2024-8947 was published for micropython-copy (pip) Sep 17, 2024
heap-buffer-overflow in MicroPython Moderate
CVE-2024-8948 was published for micropython-copy (pip) Sep 17, 2024
vLLM denial of service vulnerability High
CVE-2024-8768 was published for vllm (pip) Sep 17, 2024
vLLM Denial of Service via the best_of parameter Moderate
CVE-2024-8939 was published for vllm (pip) Sep 17, 2024
Sentry improperly authorizes muting of alert rules High
CVE-2024-45606 was published for sentry (pip) Sep 17, 2024
emanuelbeni
Sentry improperly authorizes deletion of user issue alert notifications High
CVE-2024-45605 was published for sentry (pip) Sep 17, 2024
javeedsk8341
LangChain pickle deserialization of untrusted data High
CVE-2024-5998 was published for langchain-community (pip) Sep 17, 2024
BarrensZeppelin
Composio Path Traversal vulnerability Moderate
CVE-2024-8865 was published for composio-core (pip) Sep 16, 2024
ProTip! Advisories are also available from the GraphQL API