Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,312 advisories

Loading
djoser Authentication Bypass High
CVE-2024-21543 was published for djoser (pip) Dec 13, 2024
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access High
CVE-2024-55633 was published for apache-superset (pip) Dec 12, 2024
python-libarchive directory traversal High
CVE-2024-55587 was published for python-libarchive (pip) Dec 12, 2024
luigi Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2024-21542 was published for luigi (pip) Dec 10, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled High
CVE-2024-53949 was published for apache-superset (pip) Dec 9, 2024
Django SQL injection in HasKey(lhs, rhs) on Oracle High
CVE-2024-53908 was published for Django (pip) Dec 6, 2024
pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints High
CVE-2024-39163 was published for pyspider (pip) Dec 4, 2024
Synapse allows a a malformed invite to break the invitee's `/sync` High
CVE-2024-52815 was published for matrix-synapse (pip) Dec 3, 2024
Synapse allows unsupported content types to lead to memory exhaustion High
CVE-2024-52805 was published for matrix-synapse (pip) Dec 3, 2024
Synapse denial of service through media disk space consumption High
CVE-2024-37302 was published for matrix-synapse (pip) Dec 3, 2024
Denial of service (DoS) via deformation `multipart/form-data` boundary High
CVE-2024-53981 was published for python-multipart (pip) Dec 2, 2024
Startr4ck defnull
mnqazi
aiocpa contains credential harvesting code High
GHSA-486g-47cc-8wxf was published for aiocpa (pip) Nov 25, 2024
MLflow's excessive directory permissions allow local privilege escalation High
CVE-2024-27134 was published for mlflow (pip) Nov 25, 2024
Tornado has an HTTP cookie parsing DoS vulnerability High
CVE-2024-52804 was published for tornado (pip) Nov 22, 2024
kexinoh
GeoNode Server Side Request forgery High
CVE-2023-40017 was published for geonode (pip) Nov 21, 2024
ImThatT
LLama Factory Remote OS Command Injection Vulnerability High
CVE-2024-52803 was published for llamafactory (pip) Nov 21, 2024
superboy-zjc
Litestar allows unbounded resource consumption (DoS vulnerability) High
CVE-2024-52581 was published for litestar (pip) Nov 20, 2024
defnull
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through High
CVE-2024-52595 was published for lxml-html-clean (pip) Nov 19, 2024
JorianWoltjer frenzymadness
Apache Airflow: Sensitive configuration values are not masked in the logs by default High
CVE-2024-45784 was published for airflow (pip) Nov 15, 2024
changedetection.io path traversal using file URI scheme without supplying hostname High
CVE-2024-51998 was published for changedetection.io (pip) Nov 7, 2024
Erb3
AgentScope uses `eval` High
CVE-2024-48050 was published for agentscope (pip) Nov 5, 2024
langflow has vulnerability in PythonCodeTool component High
CVE-2024-42835 was published for langflow (pip) Oct 31, 2024
Waitress vulnerable to DoS leading to high CPU usage/resource exhaustion High
CVE-2024-49769 was published for waitress (pip) Oct 29, 2024
djay d-maurer
digitalresistor
Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape High
GHSA-25pw-q952-x37g was published for pyload-ng (pip) Oct 28, 2024 withdrawn
ProTip! Advisories are also available from the GraphQL API