Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,675
Maven
5,000+
npm
4,297
NuGet
760
pip
4,077
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

328 advisories

Loading
configobj ReDoS exploitable by developer using values in a server-side configuration file Low
CVE-2023-26112 was published for configobj (pip) Apr 3, 2023
timothestoifl24
Credited to timothestoifl24
Ansible-Core vulnerable to content protections bypass Low
CVE-2024-11079 was published for ansible-core (pip) Nov 12, 2024
arvindshmicrosoft
Credited to arvindshmicrosoft
Cross-site Scripting in djangorestframework Low
CVE-2024-21520 was published for djangorestframework (pip) Jun 26, 2024
Apache Airflow Fab Provider Insufficient Session Expiration vulnerability Low
CVE-2024-45033 was published for apache-airflow-providers-fab (pip) Jan 8, 2025
GHSL-2024-288: SickChill open redirect in login Low
CVE-2024-53995 was published for sickchill (pip) Jan 8, 2025
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution Low
CVE-2025-22151 was published for strawberry-graphql (pip) Jan 9, 2025
jamietdavidson bellini666
patrick91
Credited to jamietdavidson, bellini666, and patrick91
Vyper's `_abi_decode` vulnerable to Memory Overflow Low
CVE-2024-26149 was published for vyper (pip) Feb 26, 2024
minaminao-osec
Credited to minaminao-osec
Vyper's `extract32` can ready dirty memory Low
CVE-2024-24564 was published for vyper (pip) Feb 26, 2024
trocher
Credited to trocher
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring Low
CVE-2024-47168 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Credited to ahpaleus and Vasco-jofra
Apache Airflow does not return the "Cache-Control" header for dynamic content Low
CVE-2024-25142 was published for apache-airflow (pip) Jun 14, 2024
Cross site scripting in zenml Low
CVE-2024-2171 was published for zenml (pip) Jun 6, 2024
Vulnerable OpenSSL included in cryptography wheels Low
CVE-2024-12797 was published for cryptography (pip) Feb 11, 2025
Certifi removes GLOBALTRUST root certificate Low
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Kwpolska pcreager23
Credited to Kwpolska and pcreager23
copyparty renders unsanitized filenames as HTML when user uploads empty files Low
CVE-2025-27145 was published for copyparty (pip) Feb 26, 2025
JayPatel48
Credited to JayPatel48
langchain Server-Side Request Forgery vulnerability Low
CVE-2024-0243 was published for langchain (pip) Feb 26, 2024
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability Low
CVE-2024-42447 was published for apache-airflow-providers-fab (pip) Aug 5, 2024
Django TomSelect incomplete escaping of dangerous characters in widget attributes Low
GHSA-785h-76cm-cpmf was published for django-tomselect (pip) Mar 26, 2025
pysean3
Credited to pysean3
Flask-AppBuilder Observable Response Discrepancy Low
CVE-2025-24023 was published for flask-appbuilder (pip) Mar 3, 2025
millad7
Credited to millad7
MLflow has Weak Password Requirements Low
CVE-2025-1474 was published for mlflow (pip) Mar 20, 2025
Vyper's sqrt doesn't define rounding behavior Low
CVE-2025-26622 was published for vyper (pip) Feb 21, 2025
Vyper has a double eval in For List Iter Low
CVE-2025-27104 was published for vyper (pip) Feb 21, 2025
AugAssign evaluation order causing OOB write within the object in Vyper Low
CVE-2025-27105 was published for vyper (pip) Feb 21, 2025
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-41048 was published for plone.namedfile (pip) Sep 21, 2023
msegoviag
Credited to msegoviag
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext Low
CVE-2025-32021 was published for weblate (pip) Apr 15, 2025
joonashak nijel
gersona
Credited to joonashak, nijel, and gersona
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database