GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,056 advisories
CVE-2024-4181 (High): RunGptLLM class in LlamaIndex has a command injection. Published for llama-index (pip) on May 16, 2024.
CVE-2024-4263 (Moderate): MLflow allows low privilege users to delete any artifact. Published for mlflow (pip) on May 16, 2024.
GHSA-23j4-mw76-5v7h (Moderate): Scrapy allows redirect following in protocols other than HTTP. Published for Scrapy (pip) on May 14, 2024.
GHSA-jm3v-qxmh-hxwv (Moderate): Scrapy's redirects ignoring scheme-specific proxy settings. Published for Scrapy (pip) on May 14, 2024.
CVE-2024-1968 (Moderate): Scrapy leaks the authorization header on same-domain but cross-origin redirects. Published for Scrapy (pip) on May 14, 2024.
CVE-2024-32977 (High): OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled. Published for OctoPrint (pip) on May 14, 2024.
CVE-2024-32077 (Moderate): Apache Airflow: XSS vulnerability in Task Instance Log/Log Details. Published for apache-airflow (pip) on May 14, 2024.
CVE-2024-34707 (High): Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages. Published for nautobot (pip) on May 13, 2024.
CVE-2024-34359 (Critical): llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata. Published for llama-cpp-python (pip) on May 13, 2024.
CVE-2024-32874 (Critical): Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service. Published for frigate (pip) on May 9, 2024.
CVE-2024-28148 (Moderate): Apache Superset Incorrect Authorization vulnerability. Published for apache-superset (pip) on May 7, 2024.
CVE-2024-34078 (High): Arbitrary HTML present after sanitization because of unicode normalization. Published for html-sanitizer (pip) on May 6, 2024.
CVE-2024-34069 (High): Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain. Published for Werkzeug (pip) on May 6, 2024.
CVE-2024-34064 (Moderate): Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter. Published for Jinja2 (pip) on May 6, 2024.
CVE-2024-32982 (High): Litestar and Starlite vulnerable to Path Traversal. Published for litestar (pip) on May 6, 2024.
CVE-2024-34528 (Moderate): WordOps has TOCTOU race condition. Published for wordops (pip) on May 6, 2024.
CVE-2024-34529 (Moderate): Nebari prints temporary Keycloak root password. Published for nebari (pip) on May 6, 2024.
CVE-2024-34511 (Moderate): Gradio's Component Server does not properly consider `_is_server_fn` for functions. Published for gradio (pip) on May 5, 2024.
CVE-2024-34073 (High): sagemaker-python-sdk Command Injection vulnerability. Published for sagemaker (pip) on May 3, 2024.
Advisories are also available from the GraphQL API.