Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,945
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,961
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,059 advisories

Clickjacking in zenml Moderate
CVE-2024-2383 was published for zenml (pip) Jun 6, 2024
Cross site scripting in zenml Low
CVE-2024-2171 was published for zenml (pip) Jun 6, 2024
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
Remote code execution in mlflow Critical
CVE-2024-0520 was published for mlflow (pip) Jun 6, 2024
Jupyter server on Windows discloses Windows user password hash High
CVE-2024-35178 was published for jupyter_server (pip) Jun 6, 2024
nvn1729
Local file inclusion in gradio High
CVE-2024-4941 was published for gradio (pip) Jun 6, 2024
Remote code execution in pytorch lightning Critical
CVE-2024-5452 was published for lightning (pip) Jun 6, 2024
Server-Side Request Forgery in gradio High
CVE-2024-4325 was published for gradio (pip) Jun 6, 2024
Observable Timing Discrepancy in pypqc High
GHSA-hvh4-5qr6-3v7r was published for pypqc (pip) Jun 5, 2024
JamesTheAwesomeDude
PyMongo Out-of-bounds Read in the bson module Moderate
CVE-2024-5629 was published for pymongo (pip) Jun 5, 2024
Arbitrary JavaScript execution due to using outdated libraries Low
GHSA-4m3g-6r7g-jv4f was published for gradio_pdf (pip) Jun 5, 2024
isacaya
Skops unsafe deserialization High
CVE-2024-37065 was published for skops (pip) Jun 4, 2024
MLFlow improper input validation High
CVE-2024-37061 was published for mlflow (pip) Jun 4, 2024
ydata cross-site scripting High
CVE-2024-37063 was published for ydata-profiling (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37058 was published for mlflow (pip) Jun 4, 2024
ydata unsafe deserialization High
CVE-2024-37062 was published for ydata-profiling (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37057 was published for mlflow (pip) Jun 4, 2024
ydata unsafe deserialization High
CVE-2024-37064 was published for ydata-profiling (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37059 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37060 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37053 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37055 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37056 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37052 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37054 was published for mlflow (pip) Jun 4, 2024
ProTip! Advisories are also available from the GraphQL API