GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,417 advisories
Filter by severity
Jinja has a sandbox breakout through indirect reference to format method
Moderate
CVE-2024-56326
was published
for
jinja2
(pip)
Dec 23, 2024
Jinja has a sandbox breakout through malicious filenames
Moderate
CVE-2024-56201
was published
for
jinja2
(pip)
Dec 23, 2024
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
High
CVE-2024-56327
was published
for
pyrage
(pip)
Dec 19, 2024
PGHoard Path Traversal vulnerability
Moderate
CVE-2024-56142
was published
for
pghoard
(pip)
Dec 17, 2024
D-Tale allows Remote Code Execution through the Custom Filter Input
Moderate
CVE-2024-55890
was published
for
dtale
(pip)
Dec 13, 2024
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access
High
CVE-2024-55633
was published
for
apache-superset
(pip)
Dec 12, 2024
python-libarchive directory traversal
High
CVE-2024-55587
was published
for
python-libarchive
(pip)
Dec 12, 2024
sigstore has insufficient validation of integration timestamp during verification
Low
CVE-2024-55655
was published
for
sigstore
(pip)
Dec 11, 2024
luigi Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2024-21542
was published
for
luigi
(pip)
Dec 10, 2024
unstructured XML External Entity (XXE)
Moderate
CVE-2024-46455
was published
for
unstructured
(pip)
Dec 9, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
High
CVE-2024-53949
was published
for
apache-superset
(pip)
Dec 9, 2024
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
Low
CVE-2024-53947
was published
for
apache-superset
(pip)
Dec 9, 2024
Apache Superset: Error verbosity exposes metadata in analytics databases
Moderate
CVE-2024-53948
was published
for
apache-superset
(pip)
Dec 9, 2024
Django SQL injection in HasKey(lhs, rhs) on Oracle
High
CVE-2024-53908
was published
for
Django
(pip)
Dec 6, 2024
Django denial-of-service in django.utils.html.strip_tags()
Moderate
CVE-2024-53907
was published
for
Django
(pip)
Dec 6, 2024
pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints
High
CVE-2024-39163
was published
for
pyspider
(pip)
Dec 4, 2024
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Moderate
CVE-2024-53999
was published
for
mobsf
(pip)
Dec 3, 2024
Synapse Matrix has a partial room state leak via Sliding Sync
Moderate
CVE-2024-53867
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
High
CVE-2024-53863
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse allows a a malformed invite to break the invitee's `/sync`
High
CVE-2024-52815
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse allows unsupported content types to lead to memory exhaustion
High
CVE-2024-52805
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse's unauthenticated writes to the media repository allow planting of problematic content
Moderate
CVE-2024-37303
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse denial of service through media disk space consumption
High
CVE-2024-37302
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Denial of service (DoS) via deformation `multipart/form-data` boundary
High
CVE-2024-53981
was published
for
python-multipart
(pip)
Dec 2, 2024
ProTip!
Advisories are also available from the
GraphQL API