GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,056 advisories

Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection Critical
CVE-2024-37301 was published for document-merge-service (pip) Jun 11, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
Langflow remote code execution vulnerability High
CVE-2024-37014 was published for langflow (pip) Jun 10, 2024
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management Critical
CVE-2024-5389 was published for lunary (pip) Jun 10, 2024
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
zenml-io/zenml does not expire the session after password reset Low
CVE-2024-4680 was published for zenml (pip) Jun 8, 2024
ebookmeta XML External Entity vulnerability High
CVE-2024-36827 was published for ebookmeta (pip) Jun 7, 2024
ebookmeta XML External Entity vulnerability Critical
CVE-2024-37388 was published for ebookmeta (pip) Jun 7, 2024
Tornado has a CRLF injection in CurlAsyncHTTPClient headers Moderate
GHSA-w235-7p84-xx57 was published for tornado (pip) Jun 6, 2024
sha0sum mschwager
ahpaleus
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado Moderate
GHSA-753j-mpmx-qq6g was published for tornado (pip) Jun 6, 2024
Authentication bypass in dtale Critical
CVE-2024-3408 was published for dtale (pip) Jun 6, 2024
SQL injection in litellm Moderate
CVE-2024-4890 was published for litellm (pip) Jun 6, 2024
SQL injection in litellm Moderate
CVE-2024-5225 was published for litellm (pip) Jun 6, 2024
Arbitrary file deletion in litellm Moderate
CVE-2024-4888 was published for litellm (pip) Jun 6, 2024
Arbitrary system path lookup in h2o Moderate
CVE-2024-5550 was published for h2o (pip) Jun 6, 2024
Denial of service in langchain Moderate
CVE-2024-2965 was published for langchain (pip) Jun 6, 2024
Improper authorization in zenml Moderate
CVE-2024-2035 was published for zenml (pip) Jun 6, 2024
Server-Side Request Forgery in langchain Moderate
CVE-2024-3095 was published for langchain (pip) Jun 6, 2024
Race condition in zenml Low
CVE-2024-2032 was published for zenml (pip) Jun 6, 2024
Local File Inclusion in mlflow High
CVE-2024-2928 was published for mlflow (pip) Jun 6, 2024
Undefined Behavior in mlflow Moderate
CVE-2024-3099 was published for mlflow (pip) Jun 6, 2024
Clickjacking in zenml Moderate
CVE-2024-2383 was published for zenml (pip) Jun 6, 2024
Cross site scripting in zenml Low
CVE-2024-2171 was published for zenml (pip) Jun 6, 2024
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024