Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,438
Erlang
29
GitHub Actions
16
Go
1,663
Maven
4,922
npm
3,450
NuGet
594
pip
2,853
Pub
10
RubyGems
823
Rust
764
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,380 advisories

Arbitrary HTML present after sanitization because of unicode normalization High
CVE-2024-34078 was published for html-sanitizer (pip) May 6, 2024
yzueger
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain High
CVE-2024-34069 was published for Werkzeug (pip) May 6, 2024
Ry0taK
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate
CVE-2024-34064 was published for Jinja2 (pip) May 6, 2024
Ry0taK
Litestar and Starlite vulnerable to Path Traversal High
CVE-2024-32982 was published for litestar (pip) May 6, 2024
brian-edgar-re
go-ethereum vulnerable to DoS via malicious p2p message High
CVE-2024-32972 was published for github.com/ethereum/go-ethereum (Go) May 6, 2024
WordOps has TOCTOU race condition Moderate
CVE-2024-34528 was published for wordops (pip) May 6, 2024
Nebari prints temporary Keycloak root password Moderate
CVE-2024-34529 was published for nebari (pip) May 6, 2024
Gradio's Component Server does not properly consider` _is_server_fn` for functions Moderate
CVE-2024-34511 was published for gradio (pip) May 5, 2024
btcd susceptible to consensus failures Moderate
CVE-2024-34478 was published for github.com/btcsuite/btcd (Go) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34483 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34488 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34487 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34486 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34484 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability Moderate
CVE-2024-34489 was published for ryu (pip) May 5, 2024
Zenario uses Twig filters insecurely in the Twig Snippet plugin Moderate
CVE-2024-34461 was published for tribalsystems/zenario (Composer) May 4, 2024
Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting Moderate
CVE-2024-34460 was published for tribalsystems/zenario (Composer) May 4, 2024
kurwov vulnerable to Denial of Service due to improper data sanitization Moderate
CVE-2024-34075 was published for kurwov (npm) May 3, 2024
SuperchupuDev
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull Moderate
CVE-2024-34068 was published for github.com/pterodactyl/wings (Go) May 3, 2024
TrixterTheTux matthewpi
Pterodactyl panel's admin area vulnerable to Cross-site Scripting Moderate
CVE-2024-34067 was published for pterodactyl/panel (Composer) May 3, 2024
TrixterTheTux matthewpi
Pterodactyl Wings vulnerable to Arbitrary File Write/Read High
CVE-2024-34066 was published for github.com/pterodactyl/wings (Go) May 3, 2024
TrixterTheTux matthewpi
sagemaker-python-sdk Command Injection vulnerability High
CVE-2024-34073 was published for sagemaker (pip) May 3, 2024
Kasimir123
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data High
CVE-2024-34072 was published for sagemaker (pip) May 3, 2024
Kasimir123
vodozemac has degraded secret zeroization capabilities Low
CVE-2024-34063 was published for vodozemac (Rust) May 3, 2024
tqdm CLI arguments injection attack Low
CVE-2024-34062 was published for tqdm (pip) May 3, 2024
ProTip! Advisories are also available from the GraphQL API