GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,419 advisories
Amazon Redshift Python Connector vulnerable to SQL Injection
High
CVE-2024-12745
was published
for
redshift_connector
(pip)
Dec 26, 2024
Jinja has a sandbox breakout through indirect reference to format method
Moderate
CVE-2024-56326
was published
for
jinja2
(pip)
Dec 23, 2024
Jinja has a sandbox breakout through malicious filenames
Moderate
CVE-2024-56201
was published
for
jinja2
(pip)
Dec 23, 2024
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
High
CVE-2024-56327
was published
for
pyrage
(pip)
Dec 19, 2024
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
Moderate
CVE-2024-37891
was published
for
urllib3
(pip)
Jun 17, 2024
Django vulnerable to Reflected File Download attack
High
CVE-2022-36359
was published
for
Django
(pip)
Aug 11, 2022
PGHoard Path Traversal vulnerability
Moderate
CVE-2024-56142
was published
for
pghoard
(pip)
Dec 17, 2024
OctoPrint has API key access in settings without reauthentication
Moderate
CVE-2024-51493
was published
for
OctoPrint
(pip)
Nov 5, 2024
Ansible-Core vulnerable to content protections bypass
Low
CVE-2024-11079
was published
for
ansible-core
(pip)
Nov 12, 2024
configobj ReDoS exploitable by developer using values in a server-side configuration file
Low
CVE-2023-26112
was published
for
configobj
(pip)
Apr 3, 2023
D-Tale allows Remote Code Execution through the Custom Filter Input
Moderate
CVE-2024-55890
was published
for
dtale
(pip)
Dec 13, 2024
`Cookie` HTTP header isn't stripped on cross-origin redirects
High
CVE-2023-43804
was published
for
urllib3
(pip)
Oct 2, 2023
sigstore has insufficient validation of integration timestamp during verification
Low
CVE-2024-55655
was published
for
sigstore
(pip)
Dec 11, 2024
ProTip!
Advisories are also available from the
GraphQL API