Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

1,830 advisories

Loading
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd Credited to oscerd and sunSUNQ sunSUNQ sunSUNQ
Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution Moderate
CVE-2026-33140 was published for pyspector (pip) Mar 18, 2026
satoridev01 Credited to satoridev01
pypdf has inefficient decoding of array-based streams Moderate
CVE-2026-33123 was published for pypdf (pip) Mar 18, 2026
kule500 Credited to kule500 and stefan6419846 stefan6419846 stefan6419846
Denial of service via non-terminating SYLT frame parsing loop in tinytag Moderate
CVE-2026-32889 was published for tinytag (pip) Mar 19, 2026
kq5y Credited to kq5y
Ansible-core information disclosure flaw Moderate
CVE-2024-0690 was published for ansible-core (pip) Feb 6, 2024
Openstack Octavia Access Control Vulnerability Moderate
CVE-2019-3895 was published for octavia (pip) May 24, 2022
PyMuPDF has a path traversal in _main_.py Moderate
CVE-2026-3029 was published for PyMuPDF (pip) Mar 19, 2026
NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion Moderate
CVE-2026-33332 was published for nicegui (pip) Mar 19, 2026
aest3ra Credited to aest3ra, oxqnd, mjkim610, evnchn, Khaliun-sw1, and falkoschindler oxqnd oxqnd
mjkim610 mjkim610 evnchn evnchn Khaliun-sw1 Khaliun-sw1 falkoschindler falkoschindler
Improper Authentication and Origin Validation Error in pyload-ng Moderate
CVE-2026-33314 was published for pyload-ng (pip) Mar 19, 2026
Jaynornj Credited to Jaynornj
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nltk Moderate
CVE-2026-33230 was published for nltk (pip) Mar 18, 2026
leduckhuong Credited to leduckhuong
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS) Moderate
CVE-2024-27083 was published for Flask-AppBuilder (pip) Feb 28, 2024
chor4o Credited to chor4o and dpgaspar dpgaspar dpgaspar
Apache Libcloud vulnerable to certificate impersonation Moderate
CVE-2012-3446 was published for apache-libcloud (pip) May 17, 2022
Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding Moderate
CVE-2026-32632 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
JustHTML has a Sanitizer Bypass (in Markdown) Moderate
GHSA-3rcm-vjrc-p45j was published for justhtml (pip) Mar 18, 2026
kejcao Credited to kejcao
JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script) Moderate
GHSA-qvc2-mg72-jjhx was published for justhtml (pip) Mar 18, 2026
restriction Credited to restriction
Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS Moderate
GHSA-rf74-v2fm-23pw was published for nltk (pip) Mar 18, 2026
ZeroXJacks Credited to ZeroXJacks
Apache Airflow: DAG authorization bypass Moderate
CVE-2026-28563 was published for apache-airflow (pip) Mar 17, 2026
Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit Moderate
CVE-2026-4269 was published for bedrock-agentcore-starter-toolkit (pip) Mar 17, 2026
AWS API MCP File Access Restriction Bypass Moderate
CVE-2026-4270 was published for awslabs.aws-api-mcp-server (pip) Mar 17, 2026
Vanna has a SQL injection in the remove_training_data function Moderate
CVE-2026-4229 was published for vanna (pip) Mar 16, 2026
Apache Superset: Improper error handling on alerts Moderate
CVE-2024-27315 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
Apache Superset: Improper authorization validation on dashboards and charts import Moderate
CVE-2024-26016 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data Moderate
CVE-2024-24773 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
Onnx Out-of-bounds Read vulnerability Moderate
CVE-2024-27319 was published for onnx (pip) Feb 23, 2024
iarspider Credited to iarspider
Apache Superset: Improper data authorization when creating a new dataset Moderate
CVE-2024-24779 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database