GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
266 advisories
Ansible-Core vulnerable to content protections bypass
Low
CVE-2024-11079
was published
for
ansible-core
(pip)
Nov 12, 2024
PyJWT Issuer field partial matches allowed
Low
CVE-2024-53861
was published
for
PyJWT
(pip)
Dec 2, 2024
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
Low
CVE-2024-52008
was published
for
ethyca-fides
(pip)
Nov 26, 2024
Vyper's external calls can overflow return data to return input buffer
Low
CVE-2024-24560
was published
for
vyper
(pip)
Feb 2, 2024
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Low
CVE-2023-49297
was published
for
PyDrive2
(pip)
Dec 5, 2023
Nautobot missing object-level permissions enforcement when running Job Buttons
Low
CVE-2023-51649
was published
for
nautobot
(pip)
Dec 22, 2023
Unauthenticated db-file-storage views
Low
CVE-2023-50263
was published
for
nautobot
(pip)
Dec 13, 2023
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Low
CVE-2023-23934
was published
for
Werkzeug
(pip)
Feb 15, 2023
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Low
CVE-2020-15239
was published
for
xmpp-http-upload
(pip)
Oct 6, 2020
dbt has an implicit override for built-in materializations from installed packages
Low
CVE-2024-40637
was published
for
dbt-core
(pip)
Jul 17, 2024
Weblate vulnerable to improper sanitization of project backups
Low
CVE-2024-39303
was published
for
Weblate
(pip)
Jul 1, 2024
Incorrect signature verification in django-ses
Low
CVE-2023-33185
was published
for
django-ses
(pip)
May 22, 2023
ProTip!
Advisories are also available from the
GraphQL API