GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,405 advisories
Filter by severity
Salt preflight script could be attacker controlled
Moderate
CVE-2023-34049
was published
for
salt
(pip)
Nov 14, 2024
wasm3 uncontrolled memory allocation vulnerability
Moderate
CVE-2024-27529
was published
for
github.com/shareup/wasm-interpreter-apple
(pip)
Nov 9, 2024
Gradio vulnerable to arbitrary file read with File and UploadButton components
Moderate
CVE-2024-51751
was published
for
gradio
(pip)
Nov 6, 2024
ansible-core Incorrect Authorization vulnerability
Moderate
CVE-2024-9902
was published
for
ansible-core
(pip)
Nov 6, 2024
OctoPrint has API key access in settings without reauthentication
Moderate
CVE-2024-51493
was published
for
OctoPrint
(pip)
Nov 5, 2024
OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
Moderate
CVE-2024-49377
was published
for
OctoPrint
(pip)
Nov 5, 2024
Langflow vulnerable to remote code execution
Moderate
CVE-2024-48061
was published
for
langflow
(pip)
Nov 5, 2024
gradio Server Side Request Forgery vulnerability
Moderate
CVE-2024-48052
was published
for
gradio
(pip)
Nov 5, 2024
Access control vulnerable to user data deletion by anonynmous users
Moderate
CVE-2024-51734
was published
for
AccessControl
(pip)
Nov 4, 2024
changedetection.io Path Traversal
Moderate
CVE-2024-51483
was published
for
changedetection.io
(pip)
Nov 1, 2024
Lollms vulnerable to Cross-site Scripting
Moderate
CVE-2024-6581
was published
for
lollms
(pip)
Oct 29, 2024
MPXJ has a Potential Path Traversal Vulnerability
Moderate
CVE-2024-49771
was published
for
MPXJ.Net
(RubyGems)
Oct 28, 2024
Werkzeug possible resource exhaustion when parsing file data in forms
Moderate
CVE-2024-49767
was published
for
quart
(pip)
Oct 25, 2024
Werkzeug safe_join not safe on Windows
Moderate
CVE-2024-49766
was published
for
Werkzeug
(pip)
Oct 25, 2024
The Snowflake Connector for Python stores sensitive data in logs
Moderate
CVE-2024-49750
was published
for
snowflake-connector-python
(pip)
Oct 24, 2024
Flair allows arbitrary code execution
Moderate
CVE-2024-10073
was published
for
flair
(pip)
Oct 17, 2024
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Moderate
CVE-2024-25112
was published
for
exiv2
(pip)
Oct 17, 2024
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder
Moderate
CVE-2024-24826
was published
for
exiv2
(pip)
Oct 17, 2024
OpenCanary Executes Commands From Potentially Writable Config File
Moderate
CVE-2024-48911
was published
for
OpenCanary
(pip)
Oct 14, 2024
Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
Moderate
CVE-2024-6985
was published
for
lollms
(pip)
Oct 11, 2024
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Moderate
CVE-2024-47872
was published
for
gradio
(pip)
Oct 10, 2024
Gradio performs a non-constant-time comparison when comparing hashes
Moderate
CVE-2024-47869
was published
for
gradio
(pip)
Oct 10, 2024
Gradio has several components with post-process steps allow arbitrary file leaks
Moderate
CVE-2024-47868
was published
for
gradio
(pip)
Oct 10, 2024
Gradio vulnerable to SSRF in the path parameter of /queue/join
Moderate
CVE-2024-47167
was published
for
gradio
(pip)
Oct 10, 2024
Gradio has a one-level read path traversal in `/custom_component`
Moderate
CVE-2024-47166
was published
for
gradio
(pip)
Oct 10, 2024
ProTip!
Advisories are also available from the
GraphQL API