Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

183 advisories

Loading
Gradio vulnerable to arbitrary file read with File and UploadButton components Moderate
CVE-2024-51751 was published for gradio (pip) Nov 6, 2024
ifratric
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
RestrictedPython information leakage via `AttributeError.obj` and the `string` module High
CVE-2024-47532 was published for RestrictedPython (pip) Sep 30, 2024
Quasar0147 dronex7070
d-maurer dataflake icemac
openstack-heat may disclose sensitive information Moderate
CVE-2024-7319 was published for openstack-heat (pip) Aug 2, 2024
Sentry's Python SDK unintentionally exposes environment variables to subprocesses Low
CVE-2024-40647 was published for sentry-sdk (pip) Jul 18, 2024
kmichel-aiven
Vanna vulnerable to SQL Injection High
CVE-2024-5753 was published for vanna (pip) Jul 5, 2024
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access High
CVE-2024-32498 was published for cinder (pip) Jul 5, 2024
Arbitrary system path lookup in h20 Moderate
CVE-2024-5550 was published for h2o (pip) Jun 6, 2024
Jupyter server on Windows discloses Windows user password hash High
CVE-2024-35178 was published for jupyter_server (pip) Jun 6, 2024
nvn1729
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints Moderate
CVE-2024-35189 was published for ethyca-fides (pip) Jun 2, 2024
adamsachs
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Carreau
andrii-i dlqqq yuvipanda
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects High
GHSA-cg34-w3fm-82h3 was published for scrapy (pip) May 20, 2024 withdrawn
Scrapy leaks the authorization header on same-domain but cross-origin redirects Moderate
CVE-2024-1968 was published for Scrapy (pip) May 14, 2024
Szarny
Nebari prints temporary Keycloak root password Moderate
CVE-2024-34529 was published for nebari (pip) May 6, 2024
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Moderate
CVE-2024-31869 was published for apache-airflow (pip) Apr 18, 2024
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect High
GHSA-4q82-j5c2-g2c5 was published for scrapy (pip) Apr 16, 2024 withdrawn
Unauthenticated views may expose information to anonymous users Low
CVE-2024-29199 was published for nautobot (pip) Mar 26, 2024
joewesch
Information leakage in YAQL Moderate
CVE-2024-29156 was published for yaql (pip) Mar 18, 2024
Apache Superset: Improper error handling on alerts Moderate
CVE-2024-27315 was published for apache-superset (pip) Feb 28, 2024
oscerd
Scrapy authorization header leakage on cross-domain redirect High
CVE-2024-3574 was published for scrapy (pip) Feb 15, 2024
ranjit-git
NoneBot Potential Information Leak in User-Constructed Message Templates Moderate
CVE-2024-21624 was published for nonebot2 (pip) Feb 9, 2024
mnixry
DIRAC's TokenManager does not check permissions on cached tokens Critical
CVE-2024-24825 was published for DIRAC (pip) Feb 8, 2024
chaen aldbr
chrisburr
JupyterLab vulnerable to potential authentication and CSRF tokens leak High
CVE-2024-22421 was published for jupyterlab (pip) Jan 19, 2024
davwwwx
ProTip! Advisories are also available from the GraphQL API