GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,255
Erlang
31
GitHub Actions
21
Go
2,019
Maven
5,000+
npm
3,727
NuGet
662
pip
3,405
Pub
12
RubyGems
890
Rust
862
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,405 advisories
Filter by severity
Apache Superset: Error verbosity exposes metadata in analytics databases
Moderate
CVE-2024-53948
was published
for
apache-superset
(pip)
Dec 9, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
High
CVE-2024-53949
was published
for
apache-superset
(pip)
Dec 9, 2024
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
Low
CVE-2024-53947
was published
for
apache-superset
(pip)
Dec 9, 2024
Django SQL injection in HasKey(lhs, rhs) on Oracle
High
CVE-2024-53908
was published
for
Django
(pip)
Dec 6, 2024
Django denial-of-service in django.utils.html.strip_tags()
Moderate
CVE-2024-53907
was published
for
Django
(pip)
Dec 6, 2024
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Moderate
CVE-2024-53999
was published
for
mobsf
(pip)
Dec 3, 2024
Synapse Matrix has a partial room state leak via Sliding Sync
Moderate
CVE-2024-53867
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
High
CVE-2024-53863
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse allows a a malformed invite to break the invitee's `/sync`
High
CVE-2024-52815
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse allows unsupported content types to lead to memory exhaustion
High
CVE-2024-52805
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse's unauthenticated writes to the media repository allow planting of problematic content
Moderate
CVE-2024-37303
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse denial of service through media disk space consumption
High
CVE-2024-37302
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Denial of service (DoS) via deformation `multipart/form-data` boundary
High
CVE-2024-53981
was published
for
python-multipart
(pip)
Dec 2, 2024
Python package "zhmcclient" stores passwords in clear text in its HMC and API logs
Moderate
CVE-2024-53865
was published
for
zhmcclient
(pip)
Dec 2, 2024
PyJWT Issuer field partial matches allowed
Low
CVE-2024-53861
was published
for
PyJWT
(pip)
Dec 2, 2024
check-jsonschema default caching for remote schemas allows for cache confusion
Moderate
CVE-2024-53848
was published
for
check-jsonschema
(pip)
Dec 2, 2024
pyspider Cross-site Scripting vulnerability
Moderate
CVE-2024-39162
was published
for
pyspider
(pip)
Nov 29, 2024
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
Low
CVE-2024-52008
was published
for
ethyca-fides
(pip)
Nov 26, 2024
aiocpa contains credential harvesting code
High
GHSA-486g-47cc-8wxf
was published
for
aiocpa
(pip)
Nov 25, 2024
MLflow's excessive directory permissions allow local privilege escalation
High
CVE-2024-27134
was published
for
mlflow
(pip)
Nov 25, 2024
libre-chat Path Traversal vulnerability
Moderate
CVE-2024-52787
was published
for
libre-chat
(pip)
Nov 25, 2024
OpenStack Neutron can use an incorrect ID during policy enforcement
Moderate
CVE-2024-53916
was published
for
neutron
(pip)
Nov 25, 2024
Sentry improper error handling leaks Application Integration Client Secret
Moderate
CVE-2024-53253
was published
for
sentry
(pip)
Nov 22, 2024
Tornado has an HTTP cookie parsing DoS vulnerability
High
CVE-2024-52804
was published
for
tornado
(pip)
Nov 22, 2024
GeoNode Server Side Request forgery
High
CVE-2023-40017
was published
for
geonode
(pip)
Nov 21, 2024
ProTip!
Advisories are also available from the
GraphQL API