Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,315 advisories

Loading
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file High
CVE-2024-1603 was published for paddlepaddle (pip) Mar 23, 2024
SSRF Vulnerability on assetlinks_check(act_name, well_knowns) High
CVE-2024-29190 was published for mobsfscan (pip) Mar 22, 2024
bulutenes aydinnyunus
ESPHome vulnerable to Authentication bypass via Cross site request forgery High
CVE-2024-29019 was published for esphome (pip) Mar 21, 2024
r3kumar
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace High
CVE-2024-29033 was published for oauthenticator (pip) Mar 20, 2024
manics consideRatio
betatim
Denial of service via regular expression High
CVE-2024-28865 was published for wiki (pip) Mar 18, 2024
stsewd benjaoming
oscarmcm
RCE in TranformGraph().to_dot_graph function High
CVE-2023-41334 was published for astropy (pip) Mar 18, 2024
u32i
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server High
CVE-2024-26164 was published for mssql-django (pip) Mar 12, 2024
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF High
CVE-2024-28184 was published for weasyprint (pip) Mar 8, 2024
nullie
RPyC's missing security check results in code execution when using numpy.array on the server-side. High
CVE-2024-27758 was published for rpyc (pip) Mar 6, 2024
renbou comrumino
ESPHome vulnerable to remote code execution via arbitrary file write High
CVE-2024-27081 was published for esphome (pip) Mar 1, 2024
Docassemble unauthorized access through URL manipulation High
CVE-2024-27292 was published for docassemble.base (pip) Feb 29, 2024
richighimi
Duplicate Advisory: ReDos vulnerability of XMLFeedSpider High
GHSA-7c9g-vj9m-8pm6 was published for scrapy (pip) Feb 28, 2024 withdrawn
ZenML Server Remote Privilege Escalation Vulnerability High
CVE-2024-25723 was published for zenml (pip) Feb 27, 2024
hahwul
orjson does not limit recursion for deeply nested JSON documents High
CVE-2024-27454 was published for orjson (pip) Feb 26, 2024
Cross-site Scripting in MLFlow High
CVE-2024-27132 was published for mlflow (pip) Feb 24, 2024
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution High
CVE-2024-27133 was published for mlflow (pip) Feb 24, 2024
oscerd gabby202308
Onnx Directory Traversal vulnerability High
CVE-2024-27318 was published for onnx (pip) Feb 23, 2024
iarspider
pypqc private key retrieval vulnerability High
GHSA-rc4p-p3j9-6577 was published for pypqc (pip) Feb 22, 2024
Potentially untrusted input is rendered as HTML in final output High
CVE-2024-26151 was published for mjml (pip) Feb 22, 2024
sh-at-cs
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override High
CVE-2024-26130 was published for cryptography (pip) Feb 21, 2024
Alexander-Programming cd-work
Potential buffer overflow in CBOR2 decoder High
CVE-2024-26134 was published for cbor2 (pip) Feb 21, 2024
miri64
Cross-site Scripting in Pyhtml2pdf High
CVE-2024-1647 was published for pyhtml2pdf (pip) Feb 20, 2024
Scrapy decompression bomb vulnerability High
CVE-2024-3572 was published for scrapy (pip) Feb 16, 2024
dmandefy
Scrapy authorization header leakage on cross-domain redirect High
CVE-2024-3574 was published for scrapy (pip) Feb 15, 2024
ranjit-git
Scrapy vulnerable to ReDoS via XMLFeedSpider High
CVE-2024-1892 was published for scrapy (pip) Feb 15, 2024
nicecatch2000
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database