Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,492 advisories

Loading
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11394 was published for transformers (pip) Nov 23, 2024
Fidget-Grep
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11392 was published for transformers (pip) Nov 23, 2024
Fidget-Grep
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11393 was published for transformers (pip) Nov 23, 2024
Fidget-Grep
Sentry improper error handling leaks Application Integration Client Secret Moderate
CVE-2024-53253 was published for sentry (pip) Nov 22, 2024
Christinarlong
Tornado has an HTTP cookie parsing DoS vulnerability High
CVE-2024-52804 was published for tornado (pip) Nov 22, 2024
kexinoh
GeoNode Server Side Request forgery High
CVE-2023-40017 was published for geonode (pip) Nov 21, 2024
ImThatT
LLama Factory Remote OS Command Injection Vulnerability High
CVE-2024-52803 was published for llamafactory (pip) Nov 21, 2024
superboy-zjc
Litestar allows unbounded resource consumption (DoS vulnerability) High
CVE-2024-52581 was published for litestar (pip) Nov 20, 2024
defnull
django CMS Attributes Field Cross-site Scripting Moderate
CVE-2024-11406 was published for djangocms-attributes-field (pip) Nov 20, 2024
django Filer Unrestricted Upload of File with Dangerous Type Moderate
CVE-2024-11404 was published for django-filer (pip) Nov 20, 2024
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through High
CVE-2024-52595 was published for lxml-html-clean (pip) Nov 19, 2024
JorianWoltjer frenzymadness
aiohttp allows request smuggling due to incorrect parsing of chunk extensions Moderate
CVE-2024-52304 was published for aiohttp (pip) Nov 18, 2024
JeppW
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method Moderate
CVE-2024-52303 was published for aiohttp (pip) Nov 18, 2024
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes Critical
CVE-2024-47533 was published for cobbler (pip) Nov 18, 2024
opoplawski
django CMS Cross-Site Scripting (XSS) Moderate
CVE-2024-11319 was published for django-cms (pip) Nov 18, 2024
OpenStack improperly deletes access rules Moderate
CVE-2023-6110 was published for python-openstackclient (pip) Nov 17, 2024
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web Moderate
CVE-2021-3986 was published for calibreweb (pip) Nov 15, 2024
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web Moderate
CVE-2021-3988 was published for calibreweb (pip) Nov 15, 2024
Improper Access Control in janeczku/calibre-web Moderate
CVE-2021-3987 was published for calibreweb (pip) Nov 15, 2024
Apache Airflow: Sensitive configuration values are not masked in the logs by default High
CVE-2024-45784 was published for airflow (pip) Nov 15, 2024
ReDoS in giskard's transformation.py (GHSL-2024-324) Moderate
CVE-2024-52524 was published for giskard (pip) Nov 14, 2024
kevinbackhouse
Missing ratelimit on passwrod resets in zenml Moderate
CVE-2024-4311 was published for zenml (pip) Nov 14, 2024
Salt preflight script could be attacker controlled Moderate
CVE-2023-34049 was published for salt (pip) Nov 14, 2024
TorchGeo Remote Code Execution Vulnerability High
CVE-2024-49048 was published for torchgeo (pip) Nov 12, 2024
LightGBM Remote Code Execution Vulnerability High
CVE-2024-43598 was published for lightgbm (pip) Nov 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database