Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,991
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,134 advisories

Loading
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data Moderate
CVE-2024-40767 was published for Nova (pip) Jul 24, 2024
Sentry vulnerable to stored Cross-Site Scripting (XSS) High
CVE-2024-41656 was published for sentry (pip) Jul 23, 2024
stsewd
ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command Moderate
CVE-2024-41129 was published for ops (pip) Jul 22, 2024
phvalguima
Anki Latex Incomplete Blocklist Vulnerability Moderate
CVE-2024-29073 was published for Anki (pip) Jul 22, 2024
Ankitects Anki LaTeX Blocklist Bypass vulnerability Low
CVE-2024-32152 was published for anki (pip) Jul 22, 2024
Ankitects Anki arbitrary script execution vulnerability Critical
CVE-2024-26020 was published for anki (pip) Jul 22, 2024
bee-san
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference Moderate
CVE-2024-6961 was published for guardrails-ai (pip) Jul 21, 2024
Calibre-Web Cross Site Scripting (XSS) Moderate
CVE-2024-39123 was published for calibreweb (pip) Jul 19, 2024
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS` Low
CVE-2024-41124 was published for puncia (pip) Jul 19, 2024
SCH227 g147
TorchServe gRPC Port Exposure High
CVE-2024-35199 was published for torchserve (pip) Jul 18, 2024
TorchServe vulnerable to bypass of allowed_urls configuration Moderate
CVE-2024-35198 was published for torchserve (pip) Jul 18, 2024
Sentry's Python SDK unintentionally exposes environment variables to subprocesses Low
CVE-2024-40647 was published for sentry-sdk (pip) Jul 18, 2024
kmichel-aiven
Roundup Cross-site Scripting Vulnerability Moderate
CVE-2024-39125 was published for roundup (pip) Jul 17, 2024
Roundup Cross-site Scripting Vulnerability Moderate
CVE-2024-39126 was published for roundup (pip) Jul 17, 2024
Roundup Cross-site Scripting Vulnerability Moderate
CVE-2024-39124 was published for roundup (pip) Jul 17, 2024
BlastRADIUS also affects eduMFA Moderate
GHSA-vhmj-5q9r-mm9g was published for edumfa (pip) Jul 17, 2024
Janfred sklemer1
dbt has an implicit override for built-in materializations from installed packages Moderate
CVE-2024-40637 was published for dbt-core (pip) Jul 17, 2024
brabster
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler High
CVE-2024-39877 was published for apache-airflow (pip) Jul 17, 2024
Apache Airflow Potential Cross-site Scripting Vulnerability Moderate
CVE-2024-39863 was published for apache-airflow (pip) Jul 17, 2024
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib Critical
GHSA-q5fm-55c2-v6j9 was published for fiona (pip) Jul 16, 2024
Fiona affected by CVE-2020-14152 related to madler-zlib High
GHSA-g4m4-9q4c-mfw6 was published for fiona (pip) Jul 16, 2024
Apache Superset vulnerable to improper SQL authorization Moderate
CVE-2024-39887 was published for apache-superset (pip) Jul 16, 2024
OpaMiddleware does not filter HTTP OPTIONS requests Moderate
CVE-2024-40627 was published for fastapi-opa (pip) Jul 15, 2024
langchain-experimental vulnerable to Arbitrary Code Execution High
CVE-2024-21513 was published for langchain-experimental (pip) Jul 15, 2024
setuptools vulnerable to Command Injection via package URL High
CVE-2024-6345 was published for setuptools (pip) Jul 15, 2024
ProTip! Advisories are also available from the GraphQL API