Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,421 advisories

Loading
OpenStack improperly deletes access rules Moderate
CVE-2023-6110 was published for python-openstackclient (pip) Nov 17, 2024
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web Moderate
CVE-2021-3988 was published for calibreweb (pip) Nov 15, 2024
Improper Access Control in janeczku/calibre-web Moderate
CVE-2021-3987 was published for calibreweb (pip) Nov 15, 2024
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web Moderate
CVE-2021-3986 was published for calibreweb (pip) Nov 15, 2024
Apache Airflow: Sensitive configuration values are not masked in the logs by default High
CVE-2024-45784 was published for airflow (pip) Nov 15, 2024
ReDoS in giskard's transformation.py (GHSL-2024-324) Moderate
CVE-2024-52524 was published for giskard (pip) Nov 14, 2024
kevinbackhouse
Missing ratelimit on passwrod resets in zenml Moderate
CVE-2024-4311 was published for zenml (pip) Nov 14, 2024
Salt preflight script could be attacker controlled Moderate
CVE-2023-34049 was published for salt (pip) Nov 14, 2024
Ansible-Core vulnerable to content protections bypass Low
CVE-2024-11079 was published for ansible-core (pip) Nov 12, 2024
arvindshmicrosoft
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data Low
CVE-2024-50378 was published for apache-airflow (pip) Nov 8, 2024
changedetection.io path traversal using file URI scheme without supplying hostname High
CVE-2024-51998 was published for changedetection.io (pip) Nov 7, 2024
Erb3
Gradio vulnerable to arbitrary file read with File and UploadButton components Moderate
CVE-2024-51751 was published for gradio (pip) Nov 6, 2024
ifratric
codechecker vulnerable to authentication bypass when using specifically crafted URLs Critical
CVE-2024-10081 was published for codechecker (pip) Nov 6, 2024
Discookie dkrupp
ansible-core Incorrect Authorization vulnerability Moderate
CVE-2024-9902 was published for ansible-core (pip) Nov 6, 2024
OctoPrint has API key access in settings without reauthentication Moderate
CVE-2024-51493 was published for OctoPrint (pip) Nov 5, 2024
jacopotediosi
OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates Moderate
CVE-2024-49377 was published for OctoPrint (pip) Nov 5, 2024
jacopotediosi
gradio Server Side Request Forgery vulnerability Moderate
CVE-2024-48052 was published for gradio (pip) Nov 5, 2024
AgentScope uses `eval` High
CVE-2024-48050 was published for agentscope (pip) Nov 5, 2024
Langflow vulnerable to remote code execution Moderate
CVE-2024-48061 was published for langflow (pip) Nov 5, 2024
Access control vulnerable to user data deletion by anonynmous users Moderate
CVE-2024-51734 was published for AccessControl (pip) Nov 4, 2024
n1k9 d-maurer
perrinjerome dataflake
changedetection.io Path Traversal Moderate
CVE-2024-51483 was published for changedetection.io (pip) Nov 1, 2024
chasebowman-contrast
langflow has vulnerability in PythonCodeTool component High
CVE-2024-42835 was published for langflow (pip) Oct 31, 2024
Langchain SQL Injection vulnerability Low
CVE-2024-8309 was published for langchain (pip) Oct 29, 2024
BarrensZeppelin eyurtsev
efriis
ProTip! Advisories are also available from the GraphQL API