GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,249 advisories
Filter by severity
gratient 0.5 contains credential harvesting code
High
GHSA-xm4r-5rj9-2pg3
was published
for
gratient
(pip)
Aug 30, 2024
`exotel` project on PyPI compromised, malicious release made
High
GHSA-x6xg-3fj2-4pq3
was published
for
exotel
(pip)
Aug 30, 2024
Adyen APIs Library for Python timing attack vulnerability
Moderate
GHSA-f3q4-ggfp-jv34
was published
for
Adyen
(pip)
Aug 30, 2024
GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection
Moderate
CVE-2023-26043
was published
for
GeoNode
(pip)
Aug 30, 2024
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability
Low
CVE-2023-23611
was published
for
lti-consumer-xblock
(pip)
Aug 30, 2024
nanopb vulnerable to invalid free() call with oneofs and PB_ENABLE_MALLOC
High
CVE-2021-21401
was published
for
nanopb
(pip)
Aug 30, 2024
freewvs vulnerable to denial of service through large files
Low
CVE-2020-15100
was published
for
freewvs
(pip)
Aug 30, 2024
freewvs's nested directory structure can interrupt scan
Low
CVE-2020-15101
was published
for
freewvs
(pip)
Aug 30, 2024
Hyperledger Indy's update process of a DID does not check who signs the request
High
CVE-2020-11093
was published
for
indy-node
(pip)
Aug 30, 2024
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
High
CVE-2024-43805
was published
for
jupyterlab
(pip)
Aug 29, 2024
Taipy has a Session Cookie without Secure and HTTPOnly flags
Moderate
GHSA-r3jq-4r5c-j9hp
was published
for
taipy
(pip)
Aug 27, 2024
Taipy 3.1.1 affected by CVEs on flask-core and pymongo
High
GHSA-pp84-v3mw-gg4w
was published
for
taipy
(pip)
Aug 27, 2024
FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function
Moderate
CVE-2024-42818
was published
for
fastapi-admin
(pip)
Aug 26, 2024
FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function
Moderate
CVE-2024-42816
was published
for
fastapi-admin
(pip)
Aug 26, 2024
Mage AI incorrectly gives privileges to users with deleted accounts
Moderate
CVE-2024-45187
was published
for
mage-ai
(pip)
Aug 23, 2024
Mage AI Path Traversal vulnerability
Moderate
CVE-2024-45190
was published
for
mage-ai
(pip)
Aug 23, 2024
Mage AI Path Traversal vulnerability
Moderate
CVE-2024-45188
was published
for
mage-ai
(pip)
Aug 23, 2024
Mage AI Path Traversal vulnerability
Moderate
CVE-2024-45189
was published
for
mage-ai
(pip)
Aug 23, 2024
pretix Stored Cross-site Scripting vulnerability
High
CVE-2024-8113
was published
for
pretix
(pip)
Aug 23, 2024
LlamaIndex includes an exec call for `import {cls_name}`
Critical
CVE-2024-45201
was published
for
llama-index-core
(pip)
Aug 22, 2024
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
Moderate
CVE-2024-8072
was published
for
mage-ai
(pip)
Aug 22, 2024
Apache Airflow Cross-site Scripting Vulnerability
Moderate
CVE-2024-41937
was published
for
apache-airflow
(pip)
Aug 21, 2024
Potential access to sensitive URLs via CKAN extensions (SSRF)
Moderate
CVE-2024-43371
was published
for
ckan
(pip)
Aug 21, 2024
CKAN has Cross-site Scripting vector in the Datatables view plugin
Moderate
CVE-2024-41675
was published
for
ckan
(pip)
Aug 21, 2024
CKAN may leak Solr credentials via error message in package_search action
Moderate
CVE-2024-41674
was published
for
ckan
(pip)
Aug 21, 2024
ProTip!
Advisories are also available from the
GraphQL API