Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,332 advisories

Loading
ReDoS in giskard's transformation.py (GHSL-2024-324) Moderate
CVE-2024-52524 was published for giskard (pip) Nov 14, 2024
kevinbackhouse
Missing ratelimit on passwrod resets in zenml Moderate
CVE-2024-4311 was published for zenml (pip) Nov 14, 2024
Salt preflight script could be attacker controlled Moderate
CVE-2023-34049 was published for salt (pip) Nov 14, 2024
Ansible-Core vulnerable to content protections bypass Low
CVE-2024-11079 was published for ansible-core (pip) Nov 12, 2024
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data Low
CVE-2024-50378 was published for apache-airflow (pip) Nov 8, 2024
changedetection.io path traversal using file URI scheme without supplying hostname High
CVE-2024-51998 was published for changedetection.io (pip) Nov 7, 2024
Erb3
Gradio vulnerable to arbitrary file read with File and UploadButton components Moderate
CVE-2024-51751 was published for gradio (pip) Nov 6, 2024
ifratric
codechecker vulnerable to authentication bypass when using specifically crafted URLs Critical
CVE-2024-10081 was published for codechecker (pip) Nov 6, 2024
Discookie dkrupp
ansible-core Incorrect Authorization vulnerability Moderate
CVE-2024-9902 was published for ansible-core (pip) Nov 6, 2024
OctoPrint has API key access in settings without reauthentication Moderate
CVE-2024-51493 was published for OctoPrint (pip) Nov 5, 2024
jacopotediosi
OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates Moderate
CVE-2024-49377 was published for OctoPrint (pip) Nov 5, 2024
jacopotediosi
Langflow vulnerable to remote code execution Moderate
CVE-2024-48061 was published for langflow (pip) Nov 5, 2024
gradio Server Side Request Forgery vulnerability Moderate
CVE-2024-48052 was published for gradio (pip) Nov 5, 2024
AgentScope uses `eval` High
CVE-2024-48050 was published for agentscope (pip) Nov 5, 2024
Access control vulnerable to user data deletion by anonynmous users Moderate
CVE-2024-51734 was published for AccessControl (pip) Nov 4, 2024
n1k9 d-maurer
perrinjerome dataflake
changedetection.io Path Traversal Moderate
CVE-2024-51483 was published for changedetection.io (pip) Nov 1, 2024
chasebowman-contrast
langflow has vulnerability in PythonCodeTool component High
CVE-2024-42835 was published for langflow (pip) Oct 31, 2024
Lollms vulnerable to Cross-site Scripting Moderate
CVE-2024-6581 was published for lollms (pip) Oct 29, 2024
Langchain SQL Injection vulnerability Low
CVE-2024-8309 was published for langchain (pip) Oct 29, 2024
BarrensZeppelin eyurtsev
efriis
Waitress has request processing race condition in HTTP pipelining with invalid first request Critical
CVE-2024-49768 was published for waitress (pip) Oct 29, 2024
digitalresistor mmerickel
Waitress vulnerable to DoS leading to high CPU usage/resource exhaustion High
CVE-2024-49769 was published for waitress (pip) Oct 29, 2024
djay d-maurer
digitalresistor
Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape High
GHSA-25pw-q952-x37g was published for pyload-ng (pip) Oct 28, 2024 withdrawn
MPXJ has a Potential Path Traversal Vulnerability Moderate
CVE-2024-49771 was published for MPXJ.Net (RubyGems) Oct 28, 2024
ProTip! Advisories are also available from the GraphQL API