GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,618 advisories

Apache Superset may expose internal traces on REST API endpoints Moderate
CVE-2023-39264 was published for apache-superset (pip) Sep 6, 2023
Apache Superset has improper default REST API permission for Gamma users Moderate
CVE-2023-36387 was published for apache-superset (pip) Sep 6, 2023
Salt can cause Git Providers to get wrong data Moderate
CVE-2023-20898 was published for salt (pip) Sep 5, 2023
Salt vulnerable to denial of service Moderate
CVE-2023-20897 was published for salt (pip) Sep 5, 2023
incorrect order of evaluation of side effects for some builtins Moderate
CVE-2023-41052 was published for vyper (pip) Sep 4, 2023
trocher
Vyper: reversed order of side effects for some operations Moderate
CVE-2023-40015 was published for vyper (pip) Sep 4, 2023
trocher
GitPython blind local file inclusion Moderate
CVE-2023-41040 was published for GitPython (pip) Aug 30, 2023
stsewd m3t3kh4n
EliahKagan
Archive spoofing vulnerability in borgbackup Moderate
CVE-2023-36811 was published for borgbackup (pip) Aug 30, 2023
ThomasWaldmann
Open Redirect Vulnerability in jupyter-server Moderate
CVE-2023-39968 was published for jupyter-server (pip) Aug 29, 2023
davwwwx
cross-site inclusion (XSSI) of files in jupyter-server Moderate
CVE-2023-40170 was published for jupyter-server (pip) Aug 29, 2023
Pyramid static view path traversal up one directory Moderate
CVE-2023-40587 was published for pyramid (pip) Aug 25, 2023
Apache Airflow missing Certificate Validation Moderate
CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023
sunSUNQ
Horizon Web Dashboard Open Redirect vulnerability Moderate
CVE-2022-45582 was published for horizon (pip) Aug 22, 2023
Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users Moderate
CVE-2023-40570 was published for datasette (pip) Aug 22, 2023
Scancode.io Reflected Cross-Site Scripting (XSS) in license endpoint Moderate
CVE-2023-40024 was published for scancodeio (pip) Aug 15, 2023
0xmpij
Authenticated Local Privilege Escalation vulnerability in Intel Optimization for Tensorflow Moderate
CVE-2023-27506 was published for intel-tensorflow (pip) Aug 11, 2023
m3t3kh4n
Sentry vulnerable to incorrect credential validation on OAuth token requests Moderate
CVE-2023-39531 was published for sentry (pip) Aug 9, 2023
EricHasegawa
ScanCode.io command injection in docker image fetch process Moderate
CVE-2023-39523 was published for scancodeio (pip) Aug 9, 2023
0xmpij
wger Workout Manager Cross-site Scripting vulnerability Moderate
CVE-2023-38758 was published for wger (pip) Aug 8, 2023
RDiffWeb vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2023-4138 was published for rdiffweb (pip) Aug 3, 2023
Float point exception (FPE) in paddlepaddle Moderate
CVE-2023-38672 was published for paddlepaddle (pip) Jul 26, 2023
Null pointer dereference in PaddlePaddle Moderate
CVE-2023-38670 was published for paddlepaddle (pip) Jul 26, 2023
copyparty vulnerable to reflected cross-site scripting via k304 parameter Moderate
CVE-2023-38501 was published for copyparty (pip) Jul 25, 2023
TheHackyDog
ecrecover can return undefined data if signature does not verify Moderate
CVE-2023-37902 was published for vyper (pip) Jul 25, 2023