Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,359
Erlang
33
GitHub Actions
22
Go
2,126
Maven
5,000+
npm
3,787
NuGet
683
pip
3,467
Pub
12
RubyGems
894
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,467 advisories

Loading
nanopb vulnerable to invalid free() call with oneofs and PB_ENABLE_MALLOC High
CVE-2021-21401 was published for nanopb (pip) Aug 30, 2024
freewvs vulnerable to denial of service through large files Low
CVE-2020-15100 was published for freewvs (pip) Aug 30, 2024
freewvs's nested directory structure can interrupt scan Low
CVE-2020-15101 was published for freewvs (pip) Aug 30, 2024
Hyperledger Indy's update process of a DID does not check who signs the request High
CVE-2020-11093 was published for indy-node (pip) Aug 30, 2024
alexandredeleze
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering High
CVE-2024-43805 was published for jupyterlab (pip) Aug 29, 2024
jackfromeast ishmeals
RRosio krassowski
Taipy has a Session Cookie without Secure and HTTPOnly flags Moderate
CVE-2024-47833 was published for taipy (pip) Aug 27, 2024
mbiesiad
Taipy 3.1.1 affected by CVEs on flask-core and pymongo High
GHSA-pp84-v3mw-gg4w was published for taipy (pip) Aug 27, 2024
gaudinnicolas
FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function Moderate
CVE-2024-42816 was published for fastapi-admin (pip) Aug 26, 2024
FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function Moderate
CVE-2024-42818 was published for fastapi-admin (pip) Aug 26, 2024
Mage AI incorrectly gives privileges to users with deleted accounts Moderate
CVE-2024-45187 was published for mage-ai (pip) Aug 23, 2024
Mage AI Path Traversal vulnerability Moderate
CVE-2024-45188 was published for mage-ai (pip) Aug 23, 2024
Mage AI Path Traversal vulnerability Moderate
CVE-2024-45190 was published for mage-ai (pip) Aug 23, 2024
Mage AI Path Traversal vulnerability Moderate
CVE-2024-45189 was published for mage-ai (pip) Aug 23, 2024
pretix Stored Cross-site Scripting vulnerability High
CVE-2024-8113 was published for pretix (pip) Aug 23, 2024
p-w
LlamaIndex includes an exec call for `import {cls_name}` Critical
CVE-2024-45201 was published for llama-index-core (pip) Aug 22, 2024
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users Moderate
CVE-2024-8072 was published for mage-ai (pip) Aug 22, 2024
Apache Airflow Cross-site Scripting Vulnerability Moderate
CVE-2024-41937 was published for apache-airflow (pip) Aug 21, 2024
Potential access to sensitive URLs via CKAN extensions (SSRF) Moderate
CVE-2024-43371 was published for ckan (pip) Aug 21, 2024
ThrawnCA senzee1984
CKAN has Cross-site Scripting vector in the Datatables view plugin Moderate
CVE-2024-41675 was published for ckan (pip) Aug 21, 2024
gatiszeiris
CKAN may leak Solr credentials via error message in package_search action Moderate
CVE-2024-41674 was published for ckan (pip) Aug 21, 2024
FuhuXia
LF Edge eKuiper has a SQL Injection in sqlKvStore High
CVE-2024-43406 was published for ekuiper (Go) Aug 20, 2024
leonnewton
Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature) Moderate
CVE-2024-43396 was published for khoj (pip) Aug 20, 2024
calligraf0
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files High
CVE-2024-43399 was published for mobsf (pip) Aug 19, 2024
bulutenes
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default High
CVE-2024-6221 was published for Flask-Cors (pip) Aug 18, 2024
adrianosela Alex-ley-scrub
icarocd
WebOb's location header normalization during redirect leads to open redirect Moderate
CVE-2024-42353 was published for webob (pip) Aug 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database