GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,477 advisories
Filter by severity
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Moderate
CVE-2024-35255
was published
for
@azure/identity
(Go)
Jun 11, 2024
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Moderate
GHSA-w235-7p84-xx57
was published
for
tornado
(pip)
Jun 6, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Moderate
GHSA-753j-mpmx-qq6g
was published
for
tornado
(pip)
Jun 6, 2024
Arbitrary file deletion in litellm
Moderate
CVE-2024-4888
was published
for
litellm
(pip)
Jun 6, 2024
scikit-learn sensitive data leakage vulnerability
Moderate
CVE-2024-5206
was published
for
scikit-learn
(pip)
Jun 6, 2024
Denial of service in langchain-community
Moderate
CVE-2024-2965
was published
for
langchain-community
(pip)
Jun 6, 2024
Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever
Moderate
CVE-2024-3095
was published
for
langchain-community
(pip)
Jun 6, 2024
PyMongo Out-of-bounds Read in the bson module
Moderate
CVE-2024-5629
was published
for
pymongo
(pip)
Jun 5, 2024
path traversal vulnerability was identified in the parisneo/lollms-webui
Moderate
CVE-2024-4330
was published
for
lollms
(pip)
Jun 2, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository
Moderate
CVE-2024-3924
was published
for
text-generation
(pip)
Jun 2, 2024
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Moderate
CVE-2024-35228
was published
for
wagtail
(pip)
Jun 2, 2024
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
Moderate
CVE-2024-35189
was published
for
ethyca-fides
(pip)
Jun 2, 2024
Duplicate Advisory: Apache Superset uncontrolled resource consumption
Moderate
CVE-2024-23952
was published
for
apache-superset
(pip)
May 30, 2024
•
withdrawn
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
Moderate
CVE-2024-36112
was published
for
nautobot
(pip)
May 29, 2024
rockhopper Buffer Overflow vulnerability
Moderate
CVE-2022-4969
was published
for
rockhopper
(pip)
May 28, 2024
dbt allows Binding to an Unrestricted IP Address via socketsocket
Moderate
CVE-2024-36105
was published
for
dbt-core
(pip)
May 28, 2024
jupyter-scheduler's endpoint is missing authentication
Moderate
CVE-2024-28188
was published
for
jupyter-scheduler
(pip)
May 23, 2024
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
Moderate
CVE-2024-1727
was published
for
gradio
(pip)
May 21, 2024
OMERO.web must check that the JSONP callback is a valid function
Moderate
CVE-2024-35180
was published
for
omero-web
(pip)
May 21, 2024
ProTip!
Advisories are also available from the
GraphQL API