Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

187 advisories

Loading
Sentry's Python SDK unintentionally exposes environment variables to subprocesses Low
CVE-2024-40647 was published for sentry-sdk (pip) Jul 18, 2024
kmichel-aiven cgurnik
Pillow Temporary file name leakage Moderate
CVE-2014-1933 was published for Pillow (pip) May 18, 2020
Frappe vulnerable to information disclosure leading to account takeover High
CVE-2025-30214 was published for frappe (pip) Mar 25, 2025
yeuchimse
Nebari prints temporary Keycloak root password Moderate
CVE-2024-34529 was published for nebari (pip) May 6, 2024
Information leakage in YAQL Moderate
CVE-2024-29156 was published for yaql (pip) Mar 18, 2024
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-42505 was published for apache-superset (pip) Nov 28, 2023
Synapse vulnerable to leak of remote user device information Moderate
CVE-2023-43796 was published for matrix-synapse (pip) Oct 31, 2023
urllib3's request body not stripped after redirect from 303 status changes request method to GET Moderate
CVE-2023-45803 was published for urllib3 (pip) Oct 17, 2023
ranjit-git illia-v
sethmlarson Hacked36
Apache Airflow vulnerable to sensitive information exposure Moderate
CVE-2023-42663 was published for apache-airflow (pip) Oct 14, 2023
Apache Airflow denial of service vulnerability High
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
Apache Airflow Execution with Unnecessary Privileges High
CVE-2023-39508 was published for apache-airflow (pip) Aug 5, 2023
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Moderate
CVE-2024-31869 was published for apache-airflow (pip) Apr 18, 2024
sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb High
CVE-2024-41672 was published for duckdb (pip) Jan 21, 2025
zacMode
Jupyter server on Windows discloses Windows user password hash High
CVE-2024-35178 was published for jupyter_server (pip) Jun 6, 2024
nvn1729
RestrictedPython information leakage via `AttributeError.obj` and the `string` module High
CVE-2024-47532 was published for RestrictedPython (pip) Sep 30, 2024
Quasar0147 dronex7070
d-maurer dataflake icemac
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal High
CVE-2024-56509 was published for changedetection.io (pip) Dec 27, 2024
vicevirus
Exposure of Sensitive Information to an Unauthorized Actor in urllib3 Critical
CVE-2018-20060 was published for urllib3 (pip) Dec 12, 2018
`Cookie` HTTP header isn't stripped on cross-origin redirects High
CVE-2023-43804 was published for urllib3 (pip) Oct 2, 2023
ranjit-git pquentin
illia-v sethmlarson
OpenStack Swift Discloses Secret URLs to Timing Attack High
CVE-2014-0006 was published for swift (pip) May 17, 2022
OpenStack Nova host data leak to vm instance in rescue mode Low
CVE-2014-0134 was published for nova (pip) May 17, 2022
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file High
CVE-2015-5163 was published for glance (pip) May 17, 2022
tdunlap607
OpenStack Nova Live migration can leak root disk into ephemeral storage High
CVE-2013-7130 was published for nova (pip) May 17, 2022
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots Moderate
CVE-2013-4183 was published for cinder (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database