Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,465 advisories

Loading
Certifi removes GLOBALTRUST root certificate Low
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Kwpolska pcreager23
PandasAI interactive prompt function Remote Code Execution (RCE) Critical
CVE-2024-12366 was published for pandasai (pip) Feb 11, 2025
Vulnerable OpenSSL included in cryptography wheels Low
CVE-2024-12797 was published for cryptography (pip) Feb 11, 2025
pgAdmin Remote Code Execution (RCE) vulnerability High
CVE-2024-3116 was published for pgadmin4 (pip) Apr 4, 2024
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Moderate
CVE-2024-31869 was published for apache-airflow (pip) Apr 18, 2024
Apache Superset server arbitrary file read Moderate
CVE-2024-34693 was published for apache-superset (pip) Jun 20, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled High
CVE-2024-53949 was published for apache-superset (pip) Dec 9, 2024
Apache Superset: Error verbosity exposes metadata in analytics databases Moderate
CVE-2024-53948 was published for apache-superset (pip) Dec 9, 2024
Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation Moderate
CVE-2023-25392 was published for bigflow (pip) Apr 10, 2023
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access High
CVE-2024-55633 was published for apache-superset (pip) Dec 12, 2024
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11393 was published for transformers (pip) Nov 23, 2024
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11394 was published for transformers (pip) Nov 23, 2024
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11392 was published for transformers (pip) Nov 23, 2024
luigi Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2024-21542 was published for luigi (pip) Dec 10, 2024
Ansible vulnerable to Insertion of Sensitive Information into Log File High
CVE-2024-8775 was published for ansible-core (pip) Sep 16, 2024
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache Low
CVE-2025-25183 was published for vllm (pip) Feb 6, 2025
kexinoh
ESPHome vulnerable to remote code execution via arbitrary file write High
CVE-2024-27081 was published for esphome (pip) Mar 1, 2024
xml2rfc has file inclusion irregularities Moderate
GHSA-432c-wxpg-m4q3 was published for xml2rfc (pip) Feb 7, 2025
Koji Cross-site Scripting Moderate
CVE-2024-9427 was published for koji (pip) Dec 24, 2024
python-sql SQL injection vulnerability Moderate
CVE-2024-9774 was published for python-sql (pip) Dec 27, 2024
Mitmweb API Authentication Bypass Using Proxy Server High
CVE-2025-23217 was published for mitmproxy (pip) Feb 6, 2025
gronke mhils
pgAdmin has Incorrect Default Permissions High
CVE-2023-1907 was published for pgadmin4 (pip) Jan 9, 2025
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override High
CVE-2024-26130 was published for cryptography (pip) Feb 21, 2024
Alexander-Programming cd-work
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string Critical
CVE-2024-23346 was published for pymatgen (pip) Feb 21, 2024
SteakEnthusiast mkhorton
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack High
CVE-2023-48052 was published for httpie (pip) Nov 16, 2023
RJPercival
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database