GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
153 advisories
Products.CMFPlone Open Redirect Vulnerability (Moderate, CVE-2017-1000481) was published for Plone (pip) on May 14, 2022.
Taipy has a Session Cookie without Secure and HTTPOnly flags (Moderate, CVE-2024-47833) was published for taipy (pip) on Aug 27, 2024.
Apache Spark vulnerable to Log Injection (Moderate, CVE-2022-31777) was published for org.apache.spark:spark-core (Maven) on Nov 1, 2022.
Null pointer dereference in PKCS12 parsing (Moderate, CVE-2024-0727) was published for cryptography (pip) on Jan 26, 2024.
Manipulated inline images can cause Infinite Loop in PyPDF2 (Moderate, CVE-2022-24859) was published for PyPDF2 (pip) on Apr 22, 2022.
Gradio has several components with post-process steps allow arbitrary file leaks (Moderate, CVE-2024-47868) was published for gradio (pip) on Oct 10, 2024.
Gradio vulnerable to SSRF in the path parameter of /queue/join (Moderate, CVE-2024-47167) was published for gradio (pip) on Oct 10, 2024.
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files (Moderate, CVE-2024-47872) was published for gradio (pip) on Oct 10, 2024.
Deserialization of Untrusted Data in parlai (Moderate, CVE-2021-39207) was published for parlai (pip) on Sep 13, 2021.
Cross-site scripting in papermerge (Moderate, CVE-2020-29456) was published for papermerge (pip) on Apr 20, 2021.
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature (Moderate, CVE-2023-23940) was published for openzeppelin-cairo-contracts (pip) on Feb 2, 2023.
OMERO-web Sensitive Data Exposure (Moderate, CVE-2020-7932) was published for omero-web (pip) on May 24, 2022.
OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI (Moderate, CVE-2022-36087) was published for oauthlib (pip) on Sep 16, 2022.
malicious SVG attachment causing stored XSS vulnerability (Moderate, CVE-2020-15275) was published for moin (pip) on Nov 11, 2020.
Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP (Moderate, GHSA-vx3h-qwqw-r2wq) was published for inventree (pip) on Oct 2, 2024.
Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location (Moderate, CVE-2022-23522) was published for mindsdb (pip) on Mar 30, 2023.
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews (Moderate, CVE-2023-32683) was published for matrix-synapse (pip) on Jun 6, 2023.
Denial of service attack via .well-known lookups (Moderate, CVE-2021-21274) was published for matrix-synapse (pip) on Mar 1, 2021.
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook (Moderate, CVE-2019-9644) was published for jupyter-notebook (pip) on May 14, 2022.
Indico has a Cross-Site-Scripting during account creation (Moderate, CVE-2024-45399) was published for indico (pip) on Sep 4, 2024.
Jupyter Server open redirect vulnerability (Moderate, CVE-2020-26275) was published for jupyter-server (pip) on Dec 21, 2020.
Open Redirect Vulnerability in jupyter-server (Moderate, CVE-2023-39968) was published for jupyter-server (pip) on Aug 29, 2023.
matrix-synapse vulnerable to denial of service due to malicious server ACL events (Moderate, CVE-2023-45129) was published for matrix-synapse (pip) on Oct 10, 2023.