Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,047 advisories

`spam` project on PyPI compromised, malicious releases made High
GHSA-2r6g-7r83-jg72 was published for spam (pip) Aug 30, 2024
opencv-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863 High
GHSA-qr4w-53vh-m672 was published for opencv-python (pip) Aug 30, 2024
opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863 High
GHSA-cxjf-x6jp-p7mc was published for opencv-contrib-python (pip) Aug 30, 2024
opencv-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863 High
GHSA-jh2j-j4j9-crg3 was published for opencv-python-headless (pip) Aug 30, 2024
opencv-contrib-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863 High
GHSA-w2pj-9cgh-mq2c was published for opencv-contrib-python-headless (pip) Aug 30, 2024
gratient 0.5 contains credential harvesting code High
GHSA-xm4r-5rj9-2pg3 was published for gratient (pip) Aug 30, 2024
`exotel` project on PyPI compromised, malicious release made High
GHSA-x6xg-3fj2-4pq3 was published for exotel (pip) Aug 30, 2024
nanopb vulnerable to invalid free() call with oneofs and PB_ENABLE_MALLOC High
CVE-2021-21401 was published for nanopb (pip) Aug 30, 2024
Hyperledger Indy's update process of a DID does not check who signs the request High
CVE-2020-11093 was published for indy-node (pip) Aug 30, 2024
alexandredeleze
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering High
CVE-2024-43805 was published for jupyterlab (pip) Aug 29, 2024
jackfromeast ishmeals
RRosio krassowski
Taipy 3.1.1 affected by CVEs on flask-core and pymongo High
GHSA-pp84-v3mw-gg4w was published for taipy (pip) Aug 27, 2024
gaudinnicolas
pretix Stored Cross-site Scripting vulnerability High
CVE-2024-8113 was published for pretix (pip) Aug 23, 2024
LF Edge eKuiper has a SQL Injection in sqlKvStore High
CVE-2024-43406 was published for ekuiper (Go) Aug 20, 2024
leonnewton
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files High
CVE-2024-43399 was published for mobsf (pip) Aug 19, 2024
bulutenes
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default High
CVE-2024-6221 was published for flask-cors (pip) Aug 18, 2024
adrianosela Alex-ley-scrub
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow High
CVE-2024-42370 was published for litestar (pip) Aug 9, 2024 withdrawn
pwntester JacobCoffee
JupyterHub has a privilege escalation vulnerability with the `admin:users` scope High
CVE-2024-41942 was published for jupyterhub (pip) Aug 8, 2024
oliver-sanders
openstack-heat may disclose sensitive information High
CVE-2024-7319 was published for openstack-heat (pip) Aug 2, 2024
Insecure Jinja2 templates rendered in Haystack Components can lead to RCE High
CVE-2024-41950 was published for haystack-ai (pip) Jul 31, 2024
Weave server API vulnerable to arbitrary file leak High
CVE-2024-7340 was published for weave (pip) Jul 31, 2024
TensorFlow has segfault in array_ops.upper_bound High
CVE-2023-33976 was published for tensorflow (pip) Jul 30, 2024
dmc1778
twisted.web has disordered HTTP pipeline response High
CVE-2024-41671 was published for twisted (pip) Jul 29, 2024
kenballus twm
adiroiban
Sentry vulnerable to stored Cross-Site Scripting (XSS) High
CVE-2024-41656 was published for sentry (pip) Jul 23, 2024
stsewd
TorchServe gRPC Port Exposure High
CVE-2024-35199 was published for torchserve (pip) Jul 18, 2024
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler High
CVE-2024-39877 was published for apache-airflow (pip) Jul 17, 2024
ProTip! Advisories are also available from the GraphQL API