Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,417 advisories

Loading
Python package "zhmcclient" stores passwords in clear text in its HMC and API logs Moderate
CVE-2024-53865 was published for zhmcclient (pip) Dec 2, 2024
andy-maier
PyJWT Issuer field partial matches allowed Low
CVE-2024-53861 was published for PyJWT (pip) Dec 2, 2024
fabianbadoi
check-jsonschema default caching for remote schemas allows for cache confusion Moderate
CVE-2024-53848 was published for check-jsonschema (pip) Dec 2, 2024
sethmlarson sirosen
pyspider Cross-site Scripting vulnerability Moderate
CVE-2024-39162 was published for pyspider (pip) Nov 29, 2024
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API Low
CVE-2024-52008 was published for ethyca-fides (pip) Nov 26, 2024
h0wl andres-torres-marroquin
daveqnet erosselli
aiocpa contains credential harvesting code High
GHSA-486g-47cc-8wxf was published for aiocpa (pip) Nov 25, 2024
MLflow's excessive directory permissions allow local privilege escalation High
CVE-2024-27134 was published for mlflow (pip) Nov 25, 2024
libre-chat Path Traversal vulnerability Moderate
CVE-2024-52787 was published for libre-chat (pip) Nov 25, 2024
OpenStack Neutron can use an incorrect ID during policy enforcement Moderate
CVE-2024-53916 was published for neutron (pip) Nov 25, 2024
Sentry improper error handling leaks Application Integration Client Secret Moderate
CVE-2024-53253 was published for sentry (pip) Nov 22, 2024
Christinarlong
Tornado has an HTTP cookie parsing DoS vulnerability High
CVE-2024-52804 was published for tornado (pip) Nov 22, 2024
kexinoh
GeoNode Server Side Request forgery High
CVE-2023-40017 was published for geonode (pip) Nov 21, 2024
ImThatT
LLama Factory Remote OS Command Injection Vulnerability High
CVE-2024-52803 was published for llamafactory (pip) Nov 21, 2024
superboy-zjc
Litestar allows unbounded resource consumption (DoS vulnerability) High
CVE-2024-52581 was published for litestar (pip) Nov 20, 2024
defnull
django CMS Attributes Field Cross-site Scripting Moderate
CVE-2024-11406 was published for djangocms-attributes-field (pip) Nov 20, 2024
django Filer Unrestricted Upload of File with Dangerous Type Moderate
CVE-2024-11404 was published for django-filer (pip) Nov 20, 2024
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through High
CVE-2024-52595 was published for lxml-html-clean (pip) Nov 19, 2024
JorianWoltjer frenzymadness
aiohttp allows request smuggling due to incorrect parsing of chunk extensions Moderate
CVE-2024-52304 was published for aiohttp (pip) Nov 18, 2024
JeppW
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes Critical
CVE-2024-47533 was published for cobbler (pip) Nov 18, 2024
opoplawski
django CMS Cross-Site Scripting (XSS) Moderate
CVE-2024-11319 was published for django-cms (pip) Nov 18, 2024
OpenStack improperly deletes access rules Moderate
CVE-2023-6110 was published for python-openstackclient (pip) Nov 17, 2024
Improper Access Control in janeczku/calibre-web Moderate
CVE-2021-3987 was published for calibreweb (pip) Nov 15, 2024
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web Moderate
CVE-2021-3986 was published for calibreweb (pip) Nov 15, 2024
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web Moderate
CVE-2021-3988 was published for calibreweb (pip) Nov 15, 2024
ProTip! Advisories are also available from the GraphQL API