GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
268 advisories
Filter by severity
sigstore has insufficient validation of integration timestamp during verification
Low
CVE-2024-55655
was published
for
sigstore
(pip)
Dec 11, 2024
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
Low
CVE-2024-53947
was published
for
apache-superset
(pip)
Dec 9, 2024
PyJWT Issuer field partial matches allowed
Low
CVE-2024-53861
was published
for
PyJWT
(pip)
Dec 2, 2024
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
Low
CVE-2024-52008
was published
for
ethyca-fides
(pip)
Nov 26, 2024
Ansible-Core vulnerable to content protections bypass
Low
CVE-2024-11079
was published
for
ansible-core
(pip)
Nov 12, 2024
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
Low
CVE-2024-50378
was published
for
apache-airflow
(pip)
Nov 8, 2024
Langchain SQL Injection vulnerability
Low
CVE-2024-8309
was published
for
langchain
(pip)
Oct 29, 2024
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
Low
CVE-2024-6971
was published
for
lollms
(pip)
Oct 11, 2024
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Low
GHSA-26jh-r8g2-6fpr
was published
for
gradio
(pip)
Oct 10, 2024
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
Low
CVE-2024-47168
was published
for
gradio
(pip)
Oct 10, 2024
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Low
CVE-2024-7038
was published
for
open-webui
(pip)
Oct 9, 2024
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
Low
CVE-2024-45052
was published
for
ethyca-fides
(pip)
Sep 4, 2024
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability
Low
CVE-2023-23611
was published
for
lti-consumer-xblock
(pip)
Aug 30, 2024
freewvs vulnerable to denial of service through large files
Low
CVE-2020-15100
was published
for
freewvs
(pip)
Aug 30, 2024
freewvs's nested directory structure can interrupt scan
Low
CVE-2020-15101
was published
for
freewvs
(pip)
Aug 30, 2024
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Low
CVE-2024-42447
was published
for
apache-airflow-providers-fab
(pip)
Aug 5, 2024
Ankitects Anki LaTeX Blocklist Bypass vulnerability
Low
CVE-2024-32152
was published
for
anki
(pip)
Jul 22, 2024
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Low
CVE-2024-41124
was published
for
puncia
(pip)
Jul 19, 2024
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Low
CVE-2024-40647
was published
for
sentry-sdk
(pip)
Jul 18, 2024
dbt has an implicit override for built-in materializations from installed packages
Low
CVE-2024-40637
was published
for
dbt-core
(pip)
Jul 17, 2024
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
Low
GHSA-3v33-3wmw-3785
was published
for
yt-dlp
(pip)
Jul 8, 2024
Certifi removes GLOBALTRUST root certificate
Low
CVE-2024-39689
was published
for
certifi
(pip)
Jul 5, 2024
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Low
CVE-2024-38537
was published
for
ethyca-fides
(pip)
Jul 2, 2024
Weblate vulnerable to improper sanitization of project backups
Low
CVE-2024-39303
was published
for
Weblate
(pip)
Jul 1, 2024
Apache Airflow does not return the "Cache-Control" header for dynamic content
Low
CVE-2024-25142
was published
for
apache-airflow
(pip)
Jun 14, 2024
ProTip!
Advisories are also available from the
GraphQL API