GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

109 advisories

mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint Moderate
CVE-2026-29787 was published for mcp-memory-service (pip) Mar 5, 2026
Credited to yotampe-pluto
Gradio has an Open Redirect in its OAuth Flow Moderate
CVE-2026-28415 was published for gradio (pip) Mar 1, 2026
Credited to logicx24
Weblate: Missing access control for the AddonViewSet API exposes all addon configurations Moderate
CVE-2026-27457 was published for weblate (pip) Feb 26, 2026
Credited to nijel
Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users Moderate
CVE-2026-24098 was published for apache-airflow (pip) Feb 9, 2026
Credited to saivarun3407
Weblate wlc has insecure API key configuration Moderate
CVE-2026-22251 was published for wlc (pip) Jan 12, 2026
Credited to nijel and Zee99y
ComposioHQ has a directory traversal vulnerability Moderate
CVE-2025-56427 was published for composio (pip) Dec 4, 2025
Ansible Community General Collection is vulnerable to exposure of sensitive information Moderate
CVE-2025-14010 was published for ansible (pip) Dec 4, 2025
Credited to reanguiano
BBOT's gitlab.py exposes globally configured "gitlab" API key Moderate
CVE-2025-10282 was published for bbot (pip) Oct 27, 2025
Credited to justinsteven
BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver Moderate
CVE-2025-10281 was published for bbot (pip) Oct 9, 2025
Credited to justinsteven and liquidsec
ml-logger file handler allows reading arbitrary files Moderate
CVE-2025-10952 was published for ml-logger (pip) Sep 25, 2025
Apache Superset data query improperly discloses database schema information to low-privileged guest user Moderate
CVE-2025-55673 was published for apache-superset (pip) Aug 14, 2025
Indico vulnerability allows attackers to bulk dump user details Moderate
CVE-2025-53640 was published for indico (pip) Jul 14, 2025
Credited to rafaelcorvino1, rildosouza, and nmmorette
Nautobot may allow uploaded media files to be accessible without authentication Moderate
CVE-2025-49143 was published for nautobot (pip) Jun 10, 2025
Apache IoTDB Discloses Sensitive Information via Log Files Moderate
CVE-2025-26864 was published for apache-iotdb (Maven) May 14, 2025
Gradio vulnerable to arbitrary file read with File and UploadButton components Moderate
CVE-2024-51751 was published for gradio (pip) Nov 6, 2024
Credited to ifratric
Gradio has several components with post-process steps that allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
Credited to ahpaleus and Vasco-jofra
openstack-heat may disclose sensitive information Moderate
CVE-2024-7319 was published for openstack-heat (pip) Aug 2, 2024
Arbitrary system path lookup in h2o Moderate
CVE-2024-5550 was published for h2o (pip) Jun 6, 2024
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints Moderate
CVE-2024-35189 was published for ethyca-fides (pip) Jun 2, 2024
Credited to adamsachs
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
Credited to krassowski, Carreau, andrii-i, dlqqq, and yuvipanda
Scrapy leaks the authorization header on same-domain but cross-origin redirects Moderate
CVE-2024-1968 was published for Scrapy (pip) May 14, 2024
Credited to Szarny
Nebari prints temporary Keycloak root password Moderate
CVE-2024-34529 was published for nebari (pip) May 6, 2024
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Moderate
CVE-2024-31869 was published for apache-airflow (pip) Apr 18, 2024
Information leakage in YAQL Moderate
CVE-2024-29156 was published for yaql (pip) Mar 18, 2024