GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,204
Maven
5,000+
npm
3,857
NuGet
696
pip
3,639
Pub
12
RubyGems
913
Rust
915
Swift
38
Unreviewed advisories
All unreviewed
5,000+
1,471 advisories
Filter by severity
Frappe has possibility of SQL injection due to improper validations
Moderate
CVE-2025-30217
was published
for
frappe
(pip)
Mar 26, 2025
Nebari prints temporary Keycloak root password
Moderate
CVE-2024-34529
was published
for
nebari
(pip)
May 6, 2024
Apache Airflow MySQL Provider is Vulnerable to SQL Injection
Moderate
CVE-2025-27018
was published
for
apache-airflow-providers-mysql
(pip)
Mar 19, 2025
Frappe has Possibility of Remote Code Execution due to improper validation
Moderate
CVE-2025-30213
was published
for
frappe
(pip)
Mar 25, 2025
Frappe has possibility of SQL injection due to improper validations
Moderate
CVE-2025-30212
was published
for
frappe
(pip)
Mar 25, 2025
Flask-CORS improper regex path matching vulnerability
Moderate
CVE-2024-6839
was published
for
flask-cors
(pip)
Mar 20, 2025
MLflow Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-6838
was published
for
mlflow
(pip)
Mar 20, 2025
SageMaker Workflow component allows possibility of MD5 hash collisions
Moderate
CVE-2025-0508
was published
for
sagemaker
(pip)
Mar 20, 2025
MLflow Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2025-0453
was published
for
mlflow
(pip)
Mar 20, 2025
MLflow Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2025-1473
was published
for
mlflow
(pip)
Mar 20, 2025
Flask-CORS vulnerable to Improper Handling of Case Sensitivity
Moderate
CVE-2024-6866
was published
for
flask-cors
(pip)
Mar 20, 2025
Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2024-7035
was published
for
open-webui
(pip)
Mar 20, 2025
Flask-CORS allows for inconsistent CORS matching
Moderate
CVE-2024-6844
was published
for
flask-cors
(pip)
Mar 20, 2025
TorchServe script references S3 bucket without ensuring ownership or confirming accessibility
Moderate
CVE-2024-6577
was published
for
torchserve
(pip)
Mar 20, 2025
LlamaIndex Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-12910
was published
for
llama-index
(pip)
Mar 20, 2025
Gradio Vulnerable to Open Redirect
Moderate
CVE-2024-8021
was published
for
gradio
(pip)
Mar 20, 2025
Aim Relative Path Traversal vulnerability
Moderate
CVE-2024-6483
was published
for
aim
(pip)
Mar 20, 2025
Aim vulnerable to Synchronous Access of Remote Resource without Timeout
Moderate
CVE-2024-12777
was published
for
aim
(pip)
Mar 20, 2025
Transformers Regular Expression Denial of Service (ReDoS) vulnerability
Moderate
CVE-2024-12720
was published
for
transformers
(pip)
Mar 20, 2025
BentoML Open Redirect vulnerability
Moderate
CVE-2024-12760
was published
for
bentoml
(pip)
Mar 20, 2025
Open WebUI Allows Viewing of Admin Details
Moderate
CVE-2024-7046
was published
for
open-webui
(pip)
Mar 20, 2025
Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint
Moderate
CVE-2024-7033
was published
for
open-webui
(pip)
Mar 20, 2025
Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint
Moderate
CVE-2024-7034
was published
for
open-webui
(pip)
Mar 20, 2025
Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read
Moderate
CVE-2024-7045
was published
for
open-webui
(pip)
Mar 20, 2025
ProTip!
Advisories are also available from the
GraphQL API