GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,251
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,725
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
861
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,400 advisories
Filter by severity
Gradio allows users to access arbitrary files
Critical
GHSA-m842-4qm8-7gpq
was published
for
gradio
(pip)
Sep 25, 2024
Heap-based Buffer Overflow in sqlite-vec
High
CVE-2024-46488
was published
for
sqlite-vec
(RubyGems)
Sep 25, 2024
Cross-Site Request Forgery (CSRF) in strawberry-graphql
Moderate
CVE-2024-47082
was published
for
strawberry-graphql
(pip)
Sep 25, 2024
OAuth2 client ID and secret exposed through the web browser
High
CVE-2024-9014
was published
for
pgadmin4
(pip)
Sep 23, 2024
Prevent XSS from Confidant API call
Moderate
CVE-2024-45793
was published
for
confidant
(pip)
Sep 20, 2024
Reverb use after free vulnerability
Moderate
CVE-2024-8375
was published
for
dm-reverb
(pip)
Sep 19, 2024
LangChain Experimental Eval Injection vulnerability
Critical
CVE-2024-46946
was published
for
langchain-experimental
(pip)
Sep 19, 2024
Mesop has a local file Inclusion via static file serving functionality
High
CVE-2024-45601
was published
for
mesop
(pip)
Sep 18, 2024
Guardrails has an arbitrary code execution vulnerability
High
CVE-2024-45858
was published
for
guardrails-ai
(pip)
Sep 18, 2024
sqlitedict insecure deserialization vulnerability
High
CVE-2024-35515
was published
for
sqlitedict
(pip)
Sep 18, 2024
Heap-based Buffer Overflow in MicroPython
Moderate
CVE-2024-8946
was published
for
micropython-copy
(pip)
Sep 17, 2024
Use After Free in MicroPython
Moderate
CVE-2024-8947
was published
for
micropython-copy
(pip)
Sep 17, 2024
heap-buffer-overflow in MicroPython
Moderate
CVE-2024-8948
was published
for
micropython-copy
(pip)
Sep 17, 2024
vLLM Denial of Service via the best_of parameter
Moderate
CVE-2024-8939
was published
for
vllm
(pip)
Sep 17, 2024
Sentry improperly authorizes muting of alert rules
High
CVE-2024-45606
was published
for
sentry
(pip)
Sep 17, 2024
Sentry improperly authorizes deletion of user issue alert notifications
High
CVE-2024-45605
was published
for
sentry
(pip)
Sep 17, 2024
LangChain pickle deserialization of untrusted data
High
CVE-2024-5998
was published
for
langchain-community
(pip)
Sep 17, 2024
Composio Code Injection Vulnerability
Moderate
CVE-2024-8864
was published
for
composio-core
(pip)
Sep 16, 2024
Composio Path Traversal vulnerability
Moderate
CVE-2024-8865
was published
for
composio-core
(pip)
Sep 16, 2024
Aim Stored XSS through TEXT EXPLORER
Moderate
CVE-2024-8863
was published
for
aim
(pip)
Sep 16, 2024
D-Tale Command Execution Vulnerability
Moderate
CVE-2024-8862
was published
for
dtale
(pip)
Sep 16, 2024
Ansible vulnerable to Insertion of Sensitive Information into Log File
High
CVE-2024-8775
was published
for
ansible-core
(pip)
Sep 16, 2024
LiteLLM Server-Side Request Forgery (SSRF) vulnerability
High
CVE-2024-6587
was published
for
litellm
(pip)
Sep 13, 2024
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45855
was published
for
mindsdb
(pip)
Sep 12, 2024
ProTip!
Advisories are also available from the
GraphQL API