Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,953 advisories

Loading
langchain-experimental vulnerable to Arbitrary Code Execution Critical
CVE-2024-21513 was published for langchain-experimental (pip) Jul 15, 2024
setuptools vulnerable to Command Injection via package URL High
CVE-2024-6345 was published for setuptools (pip) Jul 15, 2024
Malware package cipherbcrypt High
GHSA-5grr-72f9-678v was published for cipherbcrypt (pip) Jul 12, 2024
Local File Inclusion in Solara High
CVE-2024-39903 was published for solara (pip) Jul 12, 2024
sunriseXu
Red-DiscordBot vulnerable to Incorrect Authorization in commands API Moderate
CVE-2024-39905 was published for Red-DiscordBot (pip) Jul 11, 2024
Flame442
Wagtail regular expression denial-of-service via search query parsing High
CVE-2024-39317 was published for wagtail (pip) Jul 11, 2024
RealOrangeOne
Django Path Traversal vulnerability High
CVE-2024-39330 was published for Django (pip) Jul 10, 2024
Django vulnerable to Denial of Service High
CVE-2024-38875 was published for Django (pip) Jul 10, 2024
Django vulnerable to user enumeration attack Moderate
CVE-2024-39329 was published for Django (pip) Jul 10, 2024
Django vulnerable to Denial of Service High
CVE-2024-39614 was published for Django (pip) Jul 10, 2024
zipp Denial of Service vulnerability Moderate
CVE-2024-5569 was published for zipp (pip) Jul 9, 2024
Aim denial of service vulnerability High
CVE-2024-6227 was published for aim (pip) Jul 8, 2024
Khoj Open Redirect Vulnerability in Login Page Moderate
GHSA-564j-v29w-rqr6 was published for khoj-assistant (pip) Jul 8, 2024
davidxbors
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors Low
GHSA-3v33-3wmw-3785 was published for yt-dlp (pip) Jul 8, 2024
LeSuisse bashonly
Vanna vulnerable to SQL Injection High
CVE-2024-5753 was published for vanna (pip) Jul 5, 2024
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL Moderate
CVE-2024-31223 was published for ethyca-fides (pip) Jul 5, 2024
RobertKeyser
Certifi removes GLOBALTRUST root certificate Low
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Kwpolska pcreager23
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access High
CVE-2024-32498 was published for cinder (pip) Jul 5, 2024
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js Low
CVE-2024-38537 was published for ethyca-fides (pip) Jul 2, 2024
yt-dlp File system modification and RCE through improper file-extension sanitization High
CVE-2024-38519 was published for yt-dlp (pip) Jul 2, 2024
pukkandan JarLob
Grub4K
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py Critical
CVE-2024-39236 was published for Gradio (pip) Jul 1, 2024
kmulka-bloomberg
Weblate vulnerable to improper sanitization of project backups Low
CVE-2024-39303 was published for Weblate (pip) Jul 1, 2024
quehill
Reflected Cross-Site Scripting (XSS) in zenml Moderate
CVE-2024-5062 was published for zenml (pip) Jun 30, 2024
ntlk unsafe deserialization vulnerability High
CVE-2024-39705 was published for nltk (pip) Jun 28, 2024
justinrosenthal ekaf
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint Critical
CVE-2024-5980 was published for lightning (pip) Jun 27, 2024
awaelchli
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database