Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,618 advisories

Loading
AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC Moderate
GHSA-hfmc-7525-mj55 was published for asyncssh (pip) Dec 18, 2023
TrueSkrillor lambdafu
User accounts disclosed to unauthenticated actors on the LAN Moderate
CVE-2023-50715 was published for homeassistant (pip) Dec 15, 2023
r01k
Out of memory error when submitting the dataset form with a specially-crafted field Moderate
CVE-2023-50248 was published for ckan (pip) Dec 13, 2023
thorge
Ansible template injection vulnerability Moderate
CVE-2023-5764 was published for ansible-core (pip) Dec 13, 2023
Exposure of Sensitive Information in mltable Moderate
CVE-2023-35625 was published for mltable (pip) Dec 12, 2023
Improper Input Validation in mindsdb Moderate
CVE-2023-49796 was published for mindsdb (pip) Dec 12, 2023
sylwia-budzynska
Server-Side Request Forgery in mindsdb Moderate
CVE-2023-49795 was published for mindsdb (pip) Dec 12, 2023
sylwia-budzynska
DockerSpawner allows any image by default Moderate
CVE-2023-48311 was published for dockerspawner (pip) Dec 8, 2023
Cross-site Scripting (XSS) in MLflow Moderate
CVE-2023-6568 was published for mlflow (pip) Dec 7, 2023
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
jupyter-server errors include tracebacks with path information Moderate
CVE-2023-49080 was published for jupyter-server (pip) Dec 5, 2023
krsecu
Reflected XSS Vulnerability in dpaste Moderate
CVE-2023-49277 was published for Dpaste (pip) Dec 1, 2023
brianferri
cryptography vulnerable to NULL-dereference when loading PKCS7 certificates Moderate
CVE-2023-49083 was published for cryptography (pip) Nov 28, 2023
pkuzco becojo
Apache Superset Open Redirect vulnerability Moderate
CVE-2023-42502 was published for apache-superset (pip) Nov 28, 2023
Apache Superset Allocation of Resources Without Limits or Throttling vulnerability Moderate
CVE-2023-42504 was published for apache-superset (pip) Nov 28, 2023
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-42505 was published for apache-superset (pip) Nov 28, 2023
aiohttp's ClientSession is vulnerable to CRLF injection via version Moderate
CVE-2023-49081 was published for aiohttp (pip) Nov 27, 2023
jnovikov
aiohttp's ClientSession is vulnerable to CRLF injection via method Moderate
CVE-2023-49082 was published for aiohttp (pip) Nov 27, 2023
jnovikov
aiohttp has vulnerable dependency that is vulnerable to request smuggling Moderate
GHSA-pjjw-qhg8-p2p9 was published for aiohttp (pip) Nov 27, 2023
kenballus
Apache Superset has Incorrect Default Permissions Moderate
CVE-2023-42501 was published for apache-superset (pip) Nov 27, 2023
Duplicate Advisory: Apache Superset - Elevation of Privilege Moderate
GHSA-392c-vjfv-h7wr was published for apache-superset (pip) Nov 27, 2023 withdrawn
Apache Superset Cross-site Scripting vulnerability Moderate
CVE-2023-43701 was published for apache-superset (pip) Nov 27, 2023
Ethereum ABI decoder DoS when parsing ZST Moderate
GHSA-rqr8-pxh7-cq3g was published for eth-abi (pip) Nov 24, 2023
maxammann
Clear Text Credentials Exposed via Onboarding Task Moderate
CVE-2023-48700 was published for nautobot-device-onboarding (pip) Nov 21, 2023
whitej6 jeffkala
bryanculver scetron glennmatthews
TorchServe ZipSlip Moderate
CVE-2023-48299 was published for torchserve (pip) Nov 21, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database