Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,319
Erlang
31
GitHub Actions
21
Go
2,077
Maven
5,000+
npm
3,746
NuGet
674
pip
3,435
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

1,411 advisories

Loading
Django has a potential denial-of-service vulnerability in IPv6 validation Moderate
CVE-2024-56374 was published for Django (pip) Jan 14, 2025
keras Path Traversal vulnerability Moderate
CVE-2024-55459 was published for keras (pip) Jan 8, 2025
khoj has an IDOR in subscription management allows unauthorized subscription modifications Moderate
CVE-2024-52294 was published for khoj (pip) Dec 30, 2024
adventure8812 r0path
python-sql SQL injection vulnerability Moderate
CVE-2024-9774 was published for python-sql (pip) Dec 27, 2024
Koji Cross-site Scripting Moderate
CVE-2024-9427 was published for koji (pip) Dec 24, 2024
Jinja has a sandbox breakout through indirect reference to format method Moderate
CVE-2024-56326 was published for jinja2 (pip) Dec 23, 2024
Lydxn despawningbone
Jinja has a sandbox breakout through malicious filenames Moderate
CVE-2024-56201 was published for jinja2 (pip) Dec 23, 2024
sleiner sisp
frenzymadness
PGHoard Path Traversal vulnerability Moderate
CVE-2024-56142 was published for pghoard (pip) Dec 17, 2024
jserran1
D-Tale allows Remote Code Execution through the Custom Filter Input Moderate
CVE-2024-55890 was published for dtale (pip) Dec 13, 2024
TaiPhung217
unstructured XML External Entity (XXE) Moderate
CVE-2024-46455 was published for unstructured (pip) Dec 9, 2024
Apache Superset: Error verbosity exposes metadata in analytics databases Moderate
CVE-2024-53948 was published for apache-superset (pip) Dec 9, 2024
Django denial-of-service in django.utils.html.strip_tags() Moderate
CVE-2024-53907 was published for Django (pip) Dec 6, 2024
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality Moderate
CVE-2024-53999 was published for mobsf (pip) Dec 3, 2024
lDomenx
Synapse Matrix has a partial room state leak via Sliding Sync Moderate
CVE-2024-53867 was published for matrix-synapse (pip) Dec 3, 2024
Synapse's unauthenticated writes to the media repository allow planting of problematic content Moderate
CVE-2024-37303 was published for matrix-synapse (pip) Dec 3, 2024
Python package "zhmcclient" stores passwords in clear text in its HMC and API logs Moderate
CVE-2024-53865 was published for zhmcclient (pip) Dec 2, 2024
andy-maier
check-jsonschema default caching for remote schemas allows for cache confusion Moderate
CVE-2024-53848 was published for check-jsonschema (pip) Dec 2, 2024
sethmlarson sirosen
pyspider Cross-site Scripting vulnerability Moderate
CVE-2024-39162 was published for pyspider (pip) Nov 29, 2024
libre-chat Path Traversal vulnerability Moderate
CVE-2024-52787 was published for libre-chat (pip) Nov 25, 2024
OpenStack Neutron can use an incorrect ID during policy enforcement Moderate
CVE-2024-53916 was published for neutron (pip) Nov 25, 2024
bottarocarlo
Sentry improper error handling leaks Application Integration Client Secret Moderate
CVE-2024-53253 was published for sentry (pip) Nov 22, 2024
Christinarlong
django CMS Attributes Field Cross-site Scripting Moderate
CVE-2024-11406 was published for djangocms-attributes-field (pip) Nov 20, 2024
django Filer Unrestricted Upload of File with Dangerous Type Moderate
CVE-2024-11404 was published for django-filer (pip) Nov 20, 2024
aiohttp allows request smuggling due to incorrect parsing of chunk extensions Moderate
CVE-2024-52304 was published for aiohttp (pip) Nov 18, 2024
JeppW
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method Moderate
CVE-2024-52303 was published for aiohttp (pip) Nov 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database