GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

153 advisories

Products.CMFPlone Open Redirect Vulnerability Moderate
CVE-2017-1000481 was published for Plone (pip) May 14, 2022
Taipy has a Session Cookie without Secure and HTTPOnly flags Moderate
CVE-2024-47833 was published for taipy (pip) Aug 27, 2024
mbiesiad
Apache Spark vulnerable to Log Injection Moderate
CVE-2022-31777 was published for org.apache.spark:spark-core (Maven) Nov 1, 2022
kurt-r2c
Null pointer dereference in PKCS12 parsing Moderate
CVE-2024-0727 was published for cryptography (pip) Jan 26, 2024
m3t3kh4n
Manipulated inline images can cause Infinite Loop in PyPDF2 Moderate
CVE-2022-24859 was published for PyPDF2 (pip) Apr 22, 2022
Clickjacking in zenml Moderate
CVE-2024-2383 was published for zenml (pip) Jun 6, 2024
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradio vulnerable to SSRF in the path parameter of /queue/join Moderate
CVE-2024-47167 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files Moderate
CVE-2024-47872 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Deserialization of Untrusted Data in parlai Moderate
CVE-2021-39207 was published for parlai (pip) Sep 13, 2021
Anon-Artist
Cross-site scripting in papermerge Moderate
CVE-2020-29456 was published for papermerge (pip) Apr 20, 2021
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature Moderate
CVE-2023-23940 was published for openzeppelin-cairo-contracts (pip) Feb 2, 2023
OMERO-web Sensitive Data Exposure Moderate
CVE-2020-7932 was published for omero-web (pip) May 24, 2022
OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI Moderate
CVE-2022-36087 was published for oauthlib (pip) Sep 16, 2022
SCH227 loljawn
malicious SVG attachment causing stored XSS vulnerability Moderate
CVE-2020-15275 was published for moin (pip) Nov 11, 2020
Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP Moderate
GHSA-vx3h-qwqw-r2wq was published for inventree (pip) Oct 2, 2024
febin0x10 SchrodingersGat
Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location Moderate
CVE-2022-23522 was published for mindsdb (pip) Mar 30, 2023
Sim4n6
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews Moderate
CVE-2023-32683 was published for matrix-synapse (pip) Jun 6, 2023
Denial of service attack via .well-known lookups Moderate
CVE-2021-21274 was published for matrix-synapse (pip) Mar 1, 2021
mscherer
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook Moderate
CVE-2019-9644 was published for jupyter-notebook (pip) May 14, 2022
NumPy Buffer Overflow (Disputed) Moderate
CVE-2021-33430 was published for numpy (pip) Jan 7, 2022
Indico has a Cross-Site-Scripting during account creation Moderate
CVE-2024-45399 was published for indico (pip) Sep 4, 2024
Jupyter Server open redirect vulnerability Moderate
CVE-2020-26275 was published for jupyter-server (pip) Dec 21, 2020
Yaniv-git
Open Redirect Vulnerability in jupyter-server Moderate
CVE-2023-39968 was published for jupyter-server (pip) Aug 29, 2023
davwwwx
matrix-synapse vulnerable to denial of service due to malicious server ACL events Moderate
CVE-2023-45129 was published for matrix-synapse (pip) Oct 10, 2023
ProTip! Advisories are also available from the GraphQL API