GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,047 advisories
Filter by severity
`spam` project on PyPI compromised, malicious releases made
High
GHSA-2r6g-7r83-jg72
was published
for
spam
(pip)
Aug 30, 2024
opencv-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863
High
GHSA-qr4w-53vh-m672
was published
for
opencv-python
(pip)
Aug 30, 2024
opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863
High
GHSA-cxjf-x6jp-p7mc
was published
for
opencv-contrib-python
(pip)
Aug 30, 2024
opencv-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863
High
GHSA-jh2j-j4j9-crg3
was published
for
opencv-python-headless
(pip)
Aug 30, 2024
opencv-contrib-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863
High
GHSA-w2pj-9cgh-mq2c
was published
for
opencv-contrib-python-headless
(pip)
Aug 30, 2024
gratient 0.5 contains credential harvesting code
High
GHSA-xm4r-5rj9-2pg3
was published
for
gratient
(pip)
Aug 30, 2024
`exotel` project on PyPI compromised, malicious release made
High
GHSA-x6xg-3fj2-4pq3
was published
for
exotel
(pip)
Aug 30, 2024
nanopb vulnerable to invalid free() call with oneofs and PB_ENABLE_MALLOC
High
CVE-2021-21401
was published
for
nanopb
(pip)
Aug 30, 2024
Hyperledger Indy's update process of a DID does not check who signs the request
High
CVE-2020-11093
was published
for
indy-node
(pip)
Aug 30, 2024
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
High
CVE-2024-43805
was published
for
jupyterlab
(pip)
Aug 29, 2024
Taipy 3.1.1 affected by CVEs on flask-core and pymongo
High
GHSA-pp84-v3mw-gg4w
was published
for
taipy
(pip)
Aug 27, 2024
pretix Stored Cross-site Scripting vulnerability
High
CVE-2024-8113
was published
for
pretix
(pip)
Aug 23, 2024
LF Edge eKuiper has a SQL Injection in sqlKvStore
High
CVE-2024-43406
was published
for
ekuiper
(Go)
Aug 20, 2024
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
High
CVE-2024-43399
was published
for
mobsf
(pip)
Aug 19, 2024
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default
High
CVE-2024-6221
was published
for
flask-cors
(pip)
Aug 18, 2024
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
High
CVE-2024-42370
was published
for
litestar
(pip)
Aug 9, 2024
•
withdrawn
JupyterHub has a privilege escalation vulnerability with the `admin:users` scope
High
CVE-2024-41942
was published
for
jupyterhub
(pip)
Aug 8, 2024
openstack-heat may disclose sensitive information
High
CVE-2024-7319
was published
for
openstack-heat
(pip)
Aug 2, 2024
Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
High
CVE-2024-41950
was published
for
haystack-ai
(pip)
Jul 31, 2024
Weave server API vulnerable to arbitrary file leak
High
CVE-2024-7340
was published
for
weave
(pip)
Jul 31, 2024
TensorFlow has segfault in array_ops.upper_bound
High
CVE-2023-33976
was published
for
tensorflow
(pip)
Jul 30, 2024
twisted.web has disordered HTTP pipeline response
High
CVE-2024-41671
was published
for
twisted
(pip)
Jul 29, 2024
Sentry vulnerable to stored Cross-Site Scripting (XSS)
High
CVE-2024-41656
was published
for
sentry
(pip)
Jul 23, 2024
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
High
CVE-2024-39877
was published
for
apache-airflow
(pip)
Jul 17, 2024
ProTip!
Advisories are also available from the
GraphQL API