Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

1,414 advisories

Loading
Django has a potential denial-of-service vulnerability in IPv6 validation Moderate
CVE-2024-56374 was published for Django (pip) Jan 14, 2025
aiosmtpd vulnerable to SMTP smuggling Moderate
CVE-2024-27305 was published for aiosmtpd (pip) Mar 13, 2024
The-Login
Onnx Out-of-bounds Read vulnerability Moderate
CVE-2024-27319 was published for onnx (pip) Feb 23, 2024
iarspider
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects Moderate
CVE-2024-36112 was published for nautobot (pip) May 29, 2024
Improper authorization in zenml Moderate
CVE-2024-2035 was published for zenml (pip) Jun 6, 2024
Taipy has a Session Cookie without Secure and HTTPOnly flags Moderate
CVE-2024-47833 was published for taipy (pip) Aug 27, 2024
mbiesiad
WordOps has TOCTOU race condition Moderate
CVE-2024-34528 was published for wordops (pip) May 6, 2024
VirtuBox
Reflected Cross-Site Scripting (XSS) in zenml Moderate
CVE-2024-5062 was published for zenml (pip) Jun 30, 2024
Apache StreamPipes potentially allows creation of multiple identical accounts Moderate
CVE-2024-30471 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
Apache StreamPipes has possibility of SSRF in pipeline element installation process Moderate
CVE-2024-31979 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
Cross-Site Request Forgery (CSRF) in strawberry-graphql Moderate
CVE-2024-47082 was published for strawberry-graphql (pip) Sep 25, 2024
DoctorJohn graingert
Speedy1991
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings Moderate
CVE-2024-28237 was published for OctoPrint (pip) Mar 18, 2024
jacopotediosi
Apache Airflow Cross-site Scripting Vulnerability Moderate
CVE-2024-41937 was published for apache-airflow (pip) Aug 21, 2024
WebOb's location header normalization during redirect leads to open redirect Moderate
CVE-2024-42353 was published for webob (pip) Aug 14, 2024
Apache Airflow Potential Cross-site Scripting Vulnerability Moderate
CVE-2024-39863 was published for apache-airflow (pip) Jul 17, 2024
The Snowflake Connector for Python stores sensitive data in logs Moderate
CVE-2024-49750 was published for snowflake-connector-python (pip) Oct 24, 2024
Clickjacking in zenml Moderate
CVE-2024-2383 was published for zenml (pip) Jun 6, 2024
Gradio has a one-level read path traversal in `/custom_component` Moderate
CVE-2024-47166 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
OctoPrint has API key access in settings without reauthentication Moderate
CVE-2024-51493 was published for OctoPrint (pip) Nov 5, 2024
jacopotediosi
OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates Moderate
CVE-2024-49377 was published for OctoPrint (pip) Nov 5, 2024
jacopotediosi
Gradio performs a non-constant-time comparison when comparing hashes Moderate
CVE-2024-47869 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
vyper performs incorrect topic logging in raw_log Moderate
CVE-2024-32645 was published for vyper (pip) Apr 25, 2024
chen-robert
vyper performs double eval of the slice start/length args in certain cases Moderate
CVE-2024-32646 was published for vyper (pip) Apr 25, 2024
cyberthirst
vyper performs double eval of raw_args in create_from_blueprint Moderate
CVE-2024-32647 was published for vyper (pip) Apr 25, 2024
vyper performs multiple eval of `sqrt()` argument built in Moderate
CVE-2024-32649 was published for vyper (pip) Apr 25, 2024
cyberthirst
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database