GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
94 advisories
Filter by severity
Gradio vulnerable to arbitrary file read with File and UploadButton components
Moderate
CVE-2024-51751
was published
for
gradio
(pip)
Nov 6, 2024
Gradio has several components with post-process steps allow arbitrary file leaks
Moderate
CVE-2024-47868
was published
for
gradio
(pip)
Oct 10, 2024
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
Moderate
CVE-2024-8072
was published
for
mage-ai
(pip)
Aug 22, 2024
openstack-heat may disclose sensitive information
Moderate
CVE-2024-7319
was published
for
openstack-heat
(pip)
Aug 2, 2024
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
Moderate
CVE-2024-35189
was published
for
ethyca-fides
(pip)
Jun 2, 2024
jupyter-scheduler's endpoint is missing authentication
Moderate
CVE-2024-28188
was published
for
jupyter-scheduler
(pip)
May 23, 2024
Scrapy leaks the authorization header on same-domain but cross-origin redirects
Moderate
CVE-2024-1968
was published
for
Scrapy
(pip)
May 14, 2024
Nebari prints temporary Keycloak root password
Moderate
CVE-2024-34529
was published
for
nebari
(pip)
May 6, 2024
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Moderate
CVE-2024-31869
was published
for
apache-airflow
(pip)
Apr 18, 2024
Apache Superset: Improper error handling on alerts
Moderate
CVE-2024-27315
was published
for
apache-superset
(pip)
Feb 28, 2024
NoneBot Potential Information Leak in User-Constructed Message Templates
Moderate
CVE-2024-21624
was published
for
nonebot2
(pip)
Feb 9, 2024
User accounts disclosed to unauthenticated actors on the LAN
Moderate
CVE-2023-50715
was published
for
homeassistant
(pip)
Dec 15, 2023
Exposure of Sensitive Information in mltable
Moderate
CVE-2023-35625
was published
for
mltable
(pip)
Dec 12, 2023
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-42505
was published
for
apache-superset
(pip)
Nov 28, 2023
Clear Text Credentials Exposed via Onboarding Task
Moderate
CVE-2023-48700
was published
for
nautobot-device-onboarding
(pip)
Nov 21, 2023
Synapse vulnerable to leak of remote user device information
Moderate
CVE-2023-43796
was published
for
matrix-synapse
(pip)
Oct 31, 2023
Home Assistant vulnerable to account takeover via auth_callback login
Moderate
CVE-2023-41893
was published
for
homeassistant
(pip)
Oct 26, 2023
Fides Information Disclosure Vulnerability in Config API Endpoint
Moderate
CVE-2023-46125
was published
for
ethyca-fides
(pip)
Oct 24, 2023
Apache Airflow vulnerable to Exposure of Sensitive Information
Moderate
CVE-2023-46288
was published
for
apache-airflow
(pip)
Oct 23, 2023
urllib3's request body not stripped after redirect from 303 status changes request method to GET
Moderate
CVE-2023-45803
was published
for
urllib3
(pip)
Oct 17, 2023
Authorization Header forwarded on redirect
Moderate
CVE-2018-25091
was published
for
urllib3
(pip)
Oct 15, 2023
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Moderate
CVE-2023-45348
was published
for
apache-airflow
(pip)
Oct 14, 2023
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
Moderate
CVE-2023-42780
was published
for
apache-airflow
(pip)
Oct 14, 2023
ProTip!
Advisories are also available from the
GraphQL API