Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,435 advisories

Loading
Sentry's improper authentication on SAML SSO process allows user impersonation Critical
CVE-2025-22146 was published for sentry (pip) Jan 15, 2025
Muhammad-Qasim-Munir
Django has a potential denial-of-service vulnerability in IPv6 validation Moderate
CVE-2024-56374 was published for Django (pip) Jan 14, 2025
Vyper Does Not Check the Success of Certain Precompile Calls Low
CVE-2025-21607 was published for vyper (pip) Jan 14, 2025
ritzdorf vasinicola
trocher
Gradio Blocked Path ACL Bypass Vulnerability Critical
CVE-2025-23042 was published for gradio (pip) Jan 14, 2025
superboy-zjc jackfromeast
Rasa Allows Remote Code Execution via Remote Model Loading Critical
CVE-2024-49375 was published for rasa (pip) Jan 14, 2025
pgAdmin has Incorrect Default Permissions High
CVE-2023-1907 was published for pgadmin4 (pip) Jan 9, 2025
GHSL-2024-288: SickChill open redirect in login Low
CVE-2024-53995 was published for sickchill (pip) Jan 8, 2025
keras Path Traversal vulnerability Moderate
CVE-2024-55459 was published for keras (pip) Jan 8, 2025
Apache Airflow Fab Provider Insufficient Session Expiration vulnerability Low
CVE-2024-45033 was published for apache-airflow-providers-fab (pip) Jan 8, 2025
NiceGUI On Air authentication issue High
CVE-2025-21618 was published for nicegui (pip) Jan 6, 2025
streamcfd rodja
khoj has an IDOR in subscription management allows unauthorized subscription modifications Moderate
CVE-2024-52294 was published for khoj (pip) Dec 30, 2024
adventure8812 r0path
Letta (previously MemGPT) incorrect access control vulnerability High
CVE-2024-39025 was published for letta (pip) Dec 27, 2024
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal High
CVE-2024-56509 was published for changedetection.io (pip) Dec 27, 2024
vicevirus
python-sql SQL injection vulnerability Moderate
CVE-2024-9774 was published for python-sql (pip) Dec 27, 2024
Amazon Redshift Python Connector vulnerable to SQL Injection High
CVE-2024-12745 was published for redshift_connector (pip) Dec 26, 2024
alikrubin
Koji Cross-site Scripting Moderate
CVE-2024-9427 was published for koji (pip) Dec 24, 2024
Jinja has a sandbox breakout through indirect reference to format method Moderate
CVE-2024-56326 was published for jinja2 (pip) Dec 23, 2024
Lydxn despawningbone
Jinja has a sandbox breakout through malicious filenames Moderate
CVE-2024-56201 was published for jinja2 (pip) Dec 23, 2024
sleiner sisp
frenzymadness
PGHoard Path Traversal vulnerability Moderate
CVE-2024-56142 was published for pghoard (pip) Dec 17, 2024
jserran1
D-Tale allows Remote Code Execution through the Custom Filter Input Moderate
CVE-2024-55890 was published for dtale (pip) Dec 13, 2024
TaiPhung217
djoser Authentication Bypass High
CVE-2024-21543 was published for djoser (pip) Dec 13, 2024
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access High
CVE-2024-55633 was published for apache-superset (pip) Dec 12, 2024
python-libarchive directory traversal High
CVE-2024-55587 was published for python-libarchive (pip) Dec 12, 2024
ProTip! Advisories are also available from the GraphQL API