Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,313 advisories

Loading
Django vulnerable to Denial of Service High
CVE-2024-39614 was published for Django (pip) Jul 10, 2024
Aim denial of service vulnerability High
CVE-2024-6227 was published for aim (pip) Jul 8, 2024
Vanna vulnerable to SQL Injection High
CVE-2024-5753 was published for vanna (pip) Jul 5, 2024
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access High
CVE-2024-32498 was published for cinder (pip) Jul 5, 2024
yt-dlp File system modification and RCE through improper file-extension sanitization High
CVE-2024-38519 was published for yt-dlp (pip) Jul 2, 2024
pukkandan JarLob
Grub4K
ntlk unsafe deserialization vulnerability High
CVE-2024-39705 was published for nltk (pip) Jun 28, 2024
justinrosenthal ekaf
h2o vulnerable to unexpected POST request shutting down server High
CVE-2024-5979 was published for h2o (pip) Jun 27, 2024
lollms vulnerable to dot-dot-slash path traversal in XTTS server High
CVE-2024-6139 was published for lollms (pip) Jun 27, 2024
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE High
CVE-2024-5824 was published for lollms (pip) Jun 27, 2024
lollms vulnerable to path traversal due to unauthenticated root folder settings change High
CVE-2024-6085 was published for lollms (pip) Jun 27, 2024
Path traversal in saltstack High
CVE-2024-22232 was published for salt (pip) Jun 27, 2024
pdoc embeds link to malicious CDN if math mode is enabled High
CVE-2024-38526 was published for pdoc (pip) Jun 25, 2024
adhintz mhils
js2py allows remote code execution High
CVE-2024-28397 was published for js2py (pip) Jun 20, 2024
LNbits improperly handles potential network and payment failures when using Eclair backend High
CVE-2024-34694 was published for lnbits (pip) Jun 17, 2024
Semisol fishcakeday
langchain_experimental Code Execution via Python REPL access High
CVE-2024-38459 was published for langchain-experimental (pip) Jun 16, 2024
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 High
CVE-2024-37300 was published for oauthenticator (pip) Jun 12, 2024
minrk yuvipanda
manics
Langflow remote code execution vulnerability High
CVE-2024-37014 was published for langflow (pip) Jun 10, 2024
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
ebookmeta XML External Entity vulnerability High
CVE-2024-36827 was published for ebookmeta (pip) Jun 7, 2024
ebookmeta XML External Entity vulnerability High
CVE-2024-37388 was published for ebookmeta (pip) Jun 7, 2024
LoLLMS Path Traversal vulnerability High
CVE-2024-4881 was published for lollms (pip) Jun 6, 2024
onnx allows Arbitrary File Overwrite in download_model_with_test_data High
CVE-2024-5187 was published for onnx (pip) Jun 6, 2024
Authentication bypass in dtale High
CVE-2024-3408 was published for dtale (pip) Jun 6, 2024
Arbitrary file deletion in litellm High
CVE-2024-4888 was published for litellm (pip) Jun 6, 2024
LoLLMS Path Traversal vulnerability High
CVE-2024-3429 was published for lollms (pip) Jun 6, 2024
ProTip! Advisories are also available from the GraphQL API