Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

1,320 advisories

Loading
nbgrader's `frame-ancestors: self` grants all users access to formgrader High
CVE-2025-23205 was published for nbgrader (pip) Jan 17, 2025
djoser Authentication Bypass High
CVE-2024-21543 was published for djoser (pip) Dec 13, 2024
luigi Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2024-21542 was published for luigi (pip) Dec 10, 2024
Django SQL injection in HasKey(lhs, rhs) on Oracle High
CVE-2024-53908 was published for Django (pip) Dec 6, 2024
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through High
CVE-2024-52595 was published for lxml-html-clean (pip) Nov 19, 2024
JorianWoltjer frenzymadness
Scrapy vulnerable to ReDoS via XMLFeedSpider High
CVE-2024-1892 was published for scrapy (pip) Feb 15, 2024
nicecatch2000
Potential buffer overflow in CBOR2 decoder High
CVE-2024-26134 was published for cbor2 (pip) Feb 21, 2024
miri64
virtualenv allows command injection through activation scripts for a virtual environment High
CVE-2024-53899 was published for virtualenv (pip) Nov 24, 2024
lboynton
pgAdmin has Incorrect Default Permissions High
CVE-2023-1907 was published for pgadmin4 (pip) Jan 9, 2025
Reportlab vulnerable to remote code execution High
CVE-2023-33733 was published for reportlab (pip) Jun 5, 2023
m3t3kh4n
NiceGUI On Air authentication issue High
CVE-2025-21618 was published for nicegui (pip) Jan 6, 2025
streamcfd rodja
Letta (previously MemGPT) incorrect access control vulnerability High
CVE-2024-39025 was published for letta (pip) Dec 27, 2024
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal High
CVE-2024-56509 was published for changedetection.io (pip) Dec 27, 2024
vicevirus
Amazon Redshift Python Connector vulnerable to SQL Injection High
CVE-2024-12745 was published for redshift_connector (pip) Dec 26, 2024
alikrubin
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution High
CVE-2024-56327 was published for pyrage (pip) Dec 19, 2024
gaby woodruffw
Request smuggling leading to endpoint restriction bypass in Gunicorn High
CVE-2024-1135 was published for gunicorn (pip) Apr 16, 2024
Django vulnerable to Reflected File Download attack High
CVE-2022-36359 was published for Django (pip) Aug 11, 2022
sunSUNQ levpachmanov
G-Rath
`Cookie` HTTP header isn't stripped on cross-origin redirects High
CVE-2023-43804 was published for urllib3 (pip) Oct 2, 2023
ranjit-git pquentin
illia-v sethmlarson
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access High
CVE-2024-55633 was published for apache-superset (pip) Dec 12, 2024
python-libarchive directory traversal High
CVE-2024-55587 was published for python-libarchive (pip) Dec 12, 2024
pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints High
CVE-2024-39163 was published for pyspider (pip) Dec 4, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled High
CVE-2024-53949 was published for apache-superset (pip) Dec 9, 2024
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders High
CVE-2024-53863 was published for matrix-synapse (pip) Dec 3, 2024
Synapse allows a a malformed invite to break the invitee's `/sync` High
CVE-2024-52815 was published for matrix-synapse (pip) Dec 3, 2024
Synapse allows unsupported content types to lead to memory exhaustion High
CVE-2024-52805 was published for matrix-synapse (pip) Dec 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database