GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 4,871; Erlang 37; GitHub Actions 36; Go 2,504; Maven 5,000+; npm 4,149; NuGet 735; pip 3,949; Pub 12; RubyGems 945; Rust 1,025; Swift 39.
Unreviewed advisories: All unreviewed 5,000+.
1,511 advisories
Vyper vulnerable to integer overflow in loop (High): CVE-2023-32058 was published for vyper (pip), May 12, 2023
Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls (High): CVE-2023-32059 was published for vyper (pip), May 12, 2023
mlflow vulnerable to directory traversal (High): CVE-2023-30172 was published for mlflow (pip), May 11, 2023
vyper vulnerable to storage allocator overflow (High): CVE-2023-30837 was published for vyper (pip), May 5, 2023
Apache Spark UI vulnerable to Command Injection (High): CVE-2023-32007 was published for org.apache.spark:spark-parent_2.12 (Maven), May 2, 2023
Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header (High): CVE-2023-30861 was published for flask (pip), May 1, 2023
Unrestricted file upload in Kiwi TCMS (High): CVE-2023-30613 was published for kiwitcms (pip), Apr 24, 2023
Incorrect success value returned in vyper (High): CVE-2023-30629 was published for vyper (pip), Apr 24, 2023
Apache Superset missing check for default SECRET_KEY (High): CVE-2023-27524 was published for apache-superset (pip), Apr 24, 2023
Duplicate Advisory: Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files (High): GHSA-3qj8-93xh-pwh2 was published for starlette (pip), Apr 21, 2023 (withdrawn)
modoboa vulnerable to Cross-Site Request Forgery (High): CVE-2023-2228 was published for modoboa (pip), Apr 21, 2023
pretalx vulnerable to path traversal in HTML export (High): CVE-2023-28459 was published for pretalx (pip), Apr 20, 2023
Duplicate Advisory: Lemur subject to insecure random generation (High): GHSA-r4xg-4wrv-w72h was published for lemur (pip), Apr 19, 2023 (withdrawn)
Mailman Core vulnerable to timing attacks (High): CVE-2021-34337 was published for mailman (pip), Apr 15, 2023
Weak Password Requirements in calibreweb (High): CVE-2023-2106 was published for calibreweb (pip), Apr 15, 2023
Flask-AppBuilder has no rate limiting on login (AUTH DB) (High): CVE-2023-29005 was published for Flask-AppBuilder (pip), Apr 10, 2023
Apache Airflow Spark Provider vulnerable to improper input validation (High): CVE-2023-28710 was published for apache-airflow-providers-apache-spark (pip), Apr 7, 2023
Apache Airflow Drill Provider vulnerable to improper input validation (High): CVE-2023-28707 was published for apache-airflow-providers-apache-drill (pip), Apr 7, 2023
ADMesh improper array index validation (High): CVE-2022-38072 was published for admesh (pip), Apr 3, 2023
Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views (High): CVE-2023-28836 was published for wagtail (pip), Apr 3, 2023
zstd vulnerable to buffer overrun (High): CVE-2022-4899 was published for github.com/facebook/zstd (pip), Mar 31, 2023
mindsdb arbitrary file write when extracting a remotely retrieved tarball (High): CVE-2023-30620 was published for mindsdb (pip), Mar 30, 2023
Kiwi TCMS stored Cross-site Scripting via SVG file (High): CVE-2023-27489 was published for kiwitcms (pip), Mar 30, 2023
Advisories are also available from the GraphQL API.