Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,095 advisories

Loading
Mesop has a local file Inclusion via static file serving functionality High
CVE-2024-45601 was published for mesop (pip) Sep 18, 2024
Letm3through
Guardrails has an arbitrary code execution vulnerability High
CVE-2024-45858 was published for guardrails-ai (pip) Sep 18, 2024
sqlitedict insecure deserialization vulnerability High
CVE-2024-35515 was published for sqlitedict (pip) Sep 18, 2024
vLLM denial of service vulnerability High
CVE-2024-8768 was published for vllm (pip) Sep 17, 2024
Sentry improperly authorizes muting of alert rules High
CVE-2024-45606 was published for sentry (pip) Sep 17, 2024
emanuelbeni
LiteLLM Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-6587 was published for litellm (pip) Sep 13, 2024
Cleanlab Deserialization of Untrusted Data vulnerability High
CVE-2024-45857 was published for cleanlab (pip) Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability High
CVE-2024-45854 was published for mindsdb (pip) Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability High
CVE-2024-45855 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45851 was published for mindsdb (pip) Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability High
CVE-2024-45853 was published for mindsdb (pip) Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability High
CVE-2024-45852 was published for mindsdb (pip) Sep 12, 2024
Refuel Autolab Eval Injection vulnerability High
CVE-2024-27321 was published for refuel-autolabel (pip) Sep 12, 2024
Refuel Autolab Eval Injection vulnerability High
CVE-2024-27320 was published for refuel-autolabel (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45847 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45846 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45850 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45849 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45848 was published for mindsdb (pip) Sep 12, 2024
Apache Airflow vulnerable to Improper Encoding or Escaping of Output High
CVE-2024-45498 was published for apache-airflow (pip) Sep 7, 2024
Apache Airflow vulnerable to Execution with Unnecessary Privileges High
CVE-2024-45034 was published for apache-airflow (pip) Sep 7, 2024
HTML injection in JupyterLite leading to DOM Clobbering High
GHSA-gj55-2xf9-67rq was published for jupyterlite-core (pip) Sep 6, 2024
ishmeals jackfromeast
`spam` project on PyPI compromised, malicious releases made High
GHSA-2r6g-7r83-jg72 was published for spam (pip) Aug 30, 2024
opencv-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863 High
GHSA-qr4w-53vh-m672 was published for opencv-python (pip) Aug 30, 2024
opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863 High
GHSA-cxjf-x6jp-p7mc was published for opencv-contrib-python (pip) Aug 30, 2024
ProTip! Advisories are also available from the GraphQL API