GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Reviewed advisories by ecosystem:
All reviewed: 5,000+
Composer: 4,273
Erlang: 31
GitHub Actions: 21
Go: 2,055
Maven: 5,000+
npm: 3,739
NuGet: 668
pip: 3,417
Pub: 12
RubyGems: 891
Rust: 872
Swift: 36

Unreviewed advisories:
All unreviewed: 5,000+

Current listing (GitHub reviewed, pip, Moderate severity): 1,407 advisories
Jinja has a sandbox breakout through indirect reference to format method. Moderate. CVE-2024-56326 was published for jinja2 (pip) on Dec 23, 2024.
Jinja has a sandbox breakout through malicious filenames. Moderate. CVE-2024-56201 was published for jinja2 (pip) on Dec 23, 2024.
PGHoard Path Traversal vulnerability. Moderate. CVE-2024-56142 was published for pghoard (pip) on Dec 17, 2024.
D-Tale allows Remote Code Execution through the Custom Filter Input. Moderate. CVE-2024-55890 was published for dtale (pip) on Dec 13, 2024.
unstructured XML External Entity (XXE). Moderate. CVE-2024-46455 was published for unstructured (pip) on Dec 9, 2024.
Apache Superset: Error verbosity exposes metadata in analytics databases. Moderate. CVE-2024-53948 was published for apache-superset (pip) on Dec 9, 2024.
Django denial-of-service in django.utils.html.strip_tags(). Moderate. CVE-2024-53907 was published for Django (pip) on Dec 6, 2024.
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality. Moderate. CVE-2024-53999 was published for mobsf (pip) on Dec 3, 2024.
Synapse Matrix has a partial room state leak via Sliding Sync. Moderate. CVE-2024-53867 was published for matrix-synapse (pip) on Dec 3, 2024.
Synapse's unauthenticated writes to the media repository allow planting of problematic content. Moderate. CVE-2024-37303 was published for matrix-synapse (pip) on Dec 3, 2024.
Python package "zhmcclient" stores passwords in clear text in its HMC and API logs. Moderate. CVE-2024-53865 was published for zhmcclient (pip) on Dec 2, 2024.
check-jsonschema default caching for remote schemas allows for cache confusion. Moderate. CVE-2024-53848 was published for check-jsonschema (pip) on Dec 2, 2024.
pyspider Cross-site Scripting vulnerability. Moderate. CVE-2024-39162 was published for pyspider (pip) on Nov 29, 2024.
libre-chat Path Traversal vulnerability. Moderate. CVE-2024-52787 was published for libre-chat (pip) on Nov 25, 2024.
OpenStack Neutron can use an incorrect ID during policy enforcement. Moderate. CVE-2024-53916 was published for neutron (pip) on Nov 25, 2024.
Sentry improper error handling leaks Application Integration Client Secret. Moderate. CVE-2024-53253 was published for sentry (pip) on Nov 22, 2024.
django CMS Attributes Field Cross-site Scripting. Moderate. CVE-2024-11406 was published for djangocms-attributes-field (pip) on Nov 20, 2024.
django Filer Unrestricted Upload of File with Dangerous Type. Moderate. CVE-2024-11404 was published for django-filer (pip) on Nov 20, 2024.
aiohttp allows request smuggling due to incorrect parsing of chunk extensions. Moderate. CVE-2024-52304 was published for aiohttp (pip) on Nov 18, 2024.
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method. Moderate. CVE-2024-52303 was published for aiohttp (pip) on Nov 18, 2024.
django CMS Cross-Site Scripting (XSS). Moderate. CVE-2024-11319 was published for django-cms (pip) on Nov 18, 2024.
OpenStack improperly deletes access rules. Moderate. CVE-2023-6110 was published for python-openstackclient (pip) on Nov 17, 2024.
Improper Access Control in janeczku/calibre-web. Moderate. CVE-2021-3987 was published for calibreweb (pip) on Nov 15, 2024.
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web. Moderate. CVE-2021-3986 was published for calibreweb (pip) on Nov 15, 2024.
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web. Moderate. CVE-2021-3988 was published for calibreweb (pip) on Nov 15, 2024.
Advisories are also available from the GraphQL API.