GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,319
Erlang
31
GitHub Actions
21
Go
2,077
Maven
5,000+
npm
3,746
NuGet
674
pip
3,435
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+
3,435 advisories
Filter by severity
Sentry's improper authentication on SAML SSO process allows user impersonation
Critical
CVE-2025-22146
was published
for
sentry
(pip)
Jan 15, 2025
Django has a potential denial-of-service vulnerability in IPv6 validation
Moderate
CVE-2024-56374
was published
for
Django
(pip)
Jan 14, 2025
Vyper Does Not Check the Success of Certain Precompile Calls
Low
CVE-2025-21607
was published
for
vyper
(pip)
Jan 14, 2025
Gradio Blocked Path ACL Bypass Vulnerability
Critical
CVE-2025-23042
was published
for
gradio
(pip)
Jan 14, 2025
Rasa Allows Remote Code Execution via Remote Model Loading
Critical
CVE-2024-49375
was published
for
rasa
(pip)
Jan 14, 2025
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Low
CVE-2025-22151
was published
for
strawberry-graphql
(pip)
Jan 9, 2025
pgAdmin has Incorrect Default Permissions
High
CVE-2023-1907
was published
for
pgadmin4
(pip)
Jan 9, 2025
GHSL-2024-288: SickChill open redirect in login
Low
CVE-2024-53995
was published
for
sickchill
(pip)
Jan 8, 2025
keras Path Traversal vulnerability
Moderate
CVE-2024-55459
was published
for
keras
(pip)
Jan 8, 2025
Apache Airflow Fab Provider Insufficient Session Expiration vulnerability
Low
CVE-2024-45033
was published
for
apache-airflow-providers-fab
(pip)
Jan 8, 2025
khoj has an IDOR in subscription management allows unauthorized subscription modifications
Moderate
CVE-2024-52294
was published
for
khoj
(pip)
Dec 30, 2024
Letta (previously MemGPT) incorrect access control vulnerability
High
CVE-2024-39025
was published
for
letta
(pip)
Dec 27, 2024
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
High
CVE-2024-56509
was published
for
changedetection.io
(pip)
Dec 27, 2024
python-sql SQL injection vulnerability
Moderate
CVE-2024-9774
was published
for
python-sql
(pip)
Dec 27, 2024
Amazon Redshift Python Connector vulnerable to SQL Injection
High
CVE-2024-12745
was published
for
redshift_connector
(pip)
Dec 26, 2024
Jinja has a sandbox breakout through indirect reference to format method
Moderate
CVE-2024-56326
was published
for
jinja2
(pip)
Dec 23, 2024
Jinja has a sandbox breakout through malicious filenames
Moderate
CVE-2024-56201
was published
for
jinja2
(pip)
Dec 23, 2024
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
High
CVE-2024-56327
was published
for
pyrage
(pip)
Dec 19, 2024
PGHoard Path Traversal vulnerability
Moderate
CVE-2024-56142
was published
for
pghoard
(pip)
Dec 17, 2024
D-Tale allows Remote Code Execution through the Custom Filter Input
Moderate
CVE-2024-55890
was published
for
dtale
(pip)
Dec 13, 2024
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access
High
CVE-2024-55633
was published
for
apache-superset
(pip)
Dec 12, 2024
python-libarchive directory traversal
High
CVE-2024-55587
was published
for
python-libarchive
(pip)
Dec 12, 2024
ProTip!
Advisories are also available from the
GraphQL API