Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,975
Maven
5,000+
npm
3,698
NuGet
654
pip
3,314
Pub
11
RubyGems
882
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,314 advisories

Loading
changedetection.io Path Traversal Moderate
CVE-2024-51483 was published for changedetection.io (pip) Nov 1, 2024
chasebowman-contrast
langflow has vulnerability in PythonCodeTool component High
CVE-2024-42835 was published for langflow (pip) Oct 31, 2024
Langchain-Community SQL Injection vulnerability Low
CVE-2024-8309 was published for langchain-community (pip) Oct 29, 2024
BarrensZeppelin
Lollms vulnerable to Cross-site Scripting Moderate
CVE-2024-6581 was published for lollms (pip) Oct 29, 2024
Waitress has request processing race condition in HTTP pipelining with invalid first request Critical
CVE-2024-49768 was published for waitress (pip) Oct 29, 2024
digitalresistor mmerickel
Waitress vulnerable to DoS leading to high CPU usage/resource exhaustion High
CVE-2024-49769 was published for waitress (pip) Oct 29, 2024
djay d-maurer
digitalresistor
Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape High
GHSA-25pw-q952-x37g was published for pyload-ng (pip) Oct 28, 2024 withdrawn
MPXJ has a Potential Path Traversal Vulnerability Moderate
CVE-2024-49771 was published for MPXJ.Net (RubyGems) Oct 28, 2024
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API High
CVE-2024-47821 was published for pyload-ng (pip) Oct 28, 2024
anuraagbaishya
Werkzeug possible resource exhaustion when parsing file data in forms Moderate
CVE-2024-49767 was published for quart (pip) Oct 25, 2024
defnull
Werkzeug safe_join not safe on Windows Moderate
CVE-2024-49766 was published for Werkzeug (pip) Oct 25, 2024
nvn1729
The Snowflake Connector for Python stores sensitive data in logs Moderate
CVE-2024-49750 was published for snowflake-connector-python (pip) Oct 24, 2024
curl_cffi bundles a version of libcurl affected by High Severity vulnerability High
GHSA-3vpc-4p9p-47hc was published for curl-cffi (pip) Oct 22, 2024
SCH227
Flair allows arbitrary code execution Moderate
CVE-2024-10073 was published for flair (pip) Oct 17, 2024
m3t3kh4n
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder Moderate
CVE-2024-25112 was published for exiv2 (pip) Oct 17, 2024
westonsteimel
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder Moderate
CVE-2024-24826 was published for exiv2 (pip) Oct 17, 2024
westonsteimel
MySQL Connector/Python connector takeover vulnerability High
CVE-2024-21272 was published for mysql-connector-python (pip) Oct 15, 2024
m3t3kh4n
Starlette Denial of service (DoS) via multipart/form-data High
CVE-2024-47874 was published for starlette (pip) Oct 15, 2024
defnull
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution Critical
CVE-2024-32651 was published for changedetection.io (pip) Oct 15, 2024
edoardottt dgtlmoon
OpenCanary Executes Commands From Potentially Writable Config File Moderate
CVE-2024-48911 was published for OpenCanary (pip) Oct 14, 2024
0x0L0RD DavidBakerEffendi
AndreiDreyer
Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint Moderate
CVE-2024-6985 was published for lollms (pip) Oct 11, 2024
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py Low
CVE-2024-6971 was published for lollms (pip) Oct 11, 2024
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list Low
GHSA-26jh-r8g2-6fpr was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files Moderate
CVE-2024-47872 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradio uses insecure communication between the FRP client and server High
CVE-2024-47871 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database