GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
183 advisories
CVE-2024-51751 (Moderate): Gradio vulnerable to arbitrary file read with File and UploadButton components. Published for gradio (pip) on Nov 6, 2024.
CVE-2024-47868 (Moderate): Gradio has several components with post-process steps allow arbitrary file leaks. Published for gradio (pip) on Oct 10, 2024.
CVE-2024-7038 (Low): open-webui allows enumeration of file names and traversal of directories by observing the error messages. Published for open-webui (pip) on Oct 9, 2024.
CVE-2024-47532 (High): RestrictedPython information leakage via `AttributeError.obj` and the `string` module. Published for RestrictedPython (pip) on Sep 30, 2024.
CVE-2024-8072 (Moderate): Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users. Published for mage-ai (pip) on Aug 22, 2024.
CVE-2024-7319 (Moderate): openstack-heat may disclose sensitive information. Published for openstack-heat (pip) on Aug 2, 2024.
CVE-2024-40647 (Low): Sentry's Python SDK unintentionally exposes environment variables to subprocesses. Published for sentry-sdk (pip) on Jul 18, 2024.
CVE-2024-32498 (High): OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access. Published for cinder (pip) on Jul 5, 2024.
CVE-2024-35178 (High): Jupyter server on Windows discloses Windows user password hash. Published for jupyter_server (pip) on Jun 6, 2024.
CVE-2024-35189 (Moderate): Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints. Published for ethyca-fides (pip) on Jun 2, 2024.
CVE-2024-28188 (Moderate): jupyter-scheduler's endpoint is missing authentication. Published for jupyter-scheduler (pip) on May 23, 2024.
GHSA-cg34-w3fm-82h3 (High, withdrawn): Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects. Published for scrapy (pip) on May 20, 2024.
CVE-2024-1968 (Moderate): Scrapy leaks the authorization header on same-domain but cross-origin redirects. Published for Scrapy (pip) on May 14, 2024.
CVE-2024-34529 (Moderate): Nebari prints temporary Keycloak root password. Published for nebari (pip) on May 6, 2024.
CVE-2024-31869 (Moderate): Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used. Published for apache-airflow (pip) on Apr 18, 2024.
GHSA-4q82-j5c2-g2c5 (High, withdrawn): Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect. Published for scrapy (pip) on Apr 16, 2024.
CVE-2024-29199 (Low): Unauthenticated views may expose information to anonymous users. Published for nautobot (pip) on Mar 26, 2024.
CVE-2024-27315 (Moderate): Apache Superset: Improper error handling on alerts. Published for apache-superset (pip) on Feb 28, 2024.
CVE-2024-3574 (High): Scrapy authorization header leakage on cross-domain redirect. Published for scrapy (pip) on Feb 15, 2024.
CVE-2024-21624 (Moderate): NoneBot Potential Information Leak in User-Constructed Message Templates. Published for nonebot2 (pip) on Feb 9, 2024.
CVE-2024-24825 (Critical): DIRAC's TokenManager does not check permissions on cached tokens. Published for DIRAC (pip) on Feb 8, 2024.
CVE-2024-22421 (High): JupyterLab vulnerable to potential authentication and CSRF tokens leak. Published for jupyterlab (pip) on Jan 19, 2024.
ProTip! Advisories are also available from the GraphQL API.