Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,618 advisories

Loading
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado Moderate
GHSA-753j-mpmx-qq6g was published for tornado (pip) Jun 6, 2024
kenballus
scikit-learn sensitive data leakage vulnerability Moderate
CVE-2024-5206 was published for scikit-learn (pip) Jun 6, 2024
SQL injection in litellm Moderate
CVE-2024-5225 was published for litellm (pip) Jun 6, 2024
SQL injection in litellm Moderate
CVE-2024-4890 was published for litellm (pip) Jun 6, 2024
Arbitrary system path lookup in h20 Moderate
CVE-2024-5550 was published for h2o (pip) Jun 6, 2024
Denial of service in langchain-community Moderate
CVE-2024-2965 was published for langchain (pip) Jun 6, 2024
eyurtsev efriis
Undefined Behavior in mlflow Moderate
CVE-2024-3099 was published for mlflow (pip) Jun 6, 2024
Improper authorization in zenml Moderate
CVE-2024-2035 was published for zenml (pip) Jun 6, 2024
Clickjacking in zenml Moderate
CVE-2024-2383 was published for zenml (pip) Jun 6, 2024
Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever Moderate
CVE-2024-3095 was published for langchain-community (pip) Jun 6, 2024
eyurtsev
PyMongo Out-of-bounds Read in the bson module Moderate
CVE-2024-5629 was published for pymongo (pip) Jun 5, 2024
path traversal vulnerability was identified in the parisneo/lollms-webui Moderate
CVE-2024-4330 was published for lollms (pip) Jun 2, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository Moderate
CVE-2024-3924 was published for text-generation (pip) Jun 2, 2024
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings` Moderate
CVE-2024-35228 was published for wagtail (pip) Jun 2, 2024
engineervix gasman
RealOrangeOne
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints Moderate
CVE-2024-35189 was published for ethyca-fides (pip) Jun 2, 2024
adamsachs
Duplicate Advisory: Apache Superset uncontrolled resource consumption Moderate
CVE-2024-23952 was published for apache-superset (pip) May 30, 2024 withdrawn
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects Moderate
CVE-2024-36112 was published for nautobot (pip) May 29, 2024
rockhopper Buffer Overflow vulnerability Moderate
CVE-2022-4969 was published for rockhopper (pip) May 28, 2024
dbt allows Binding to an Unrestricted IP Address via socketsocket Moderate
CVE-2024-36105 was published for dbt-core (pip) May 28, 2024
ericwb
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Carreau
andrii-i dlqqq yuvipanda
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files Moderate
CVE-2024-1727 was published for gradio (pip) May 21, 2024
OMERO.web must check that the JSONP callback is a valid function Moderate
CVE-2024-35180 was published for omero-web (pip) May 21, 2024
Requests `Session` object does not verify requests after making first request with verify=False Moderate
CVE-2024-35195 was published for requests (pip) May 20, 2024
mikeassel sigmavirus24
nateprewitt
aiosmtpd STARTTLS unencrypted commands injection Moderate
CVE-2024-34083 was published for aiosmtpd (pip) May 20, 2024
Arusekk
MLflow allows low privilege users to delete any artifact Moderate
CVE-2024-4263 was published for mlflow (pip) May 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database