GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,269
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,487
Swift
61
Unreviewed advisories
All unreviewed
5,000+
253 advisories
Filter by severity
Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading
High
CVE-2026-1669
was published
for
keras
(pip)
Feb 18, 2026
Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users
Moderate
CVE-2026-24098
was published
for
apache-airflow
(pip)
Feb 9, 2026
MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token
High
CVE-2026-25650
was published
for
mcp-salesforce-connector
(pip)
Feb 6, 2026
Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated
High
CVE-2025-68438
was published
for
apache-airflow
(pip)
Jan 16, 2026
Weblate wlc has insecure API key configuration
Moderate
CVE-2026-22251
was published
for
wlc
(pip)
Jan 12, 2026
ComposioHQ has a directory traversal vulnerability
Moderate
CVE-2025-56427
was published
for
composio
(pip)
Dec 4, 2025
Ansible Community General Collection is vulnerable to exposure of sensitive information
Moderate
CVE-2025-14010
was published
for
ansible
(pip)
Dec 4, 2025
BBOT's gitlab.py exposes globally configured "gitlab" API key
Moderate
CVE-2025-10282
was published
for
bbot
(pip)
Oct 27, 2025
BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
Moderate
CVE-2025-10281
was published
for
bbot
(pip)
Oct 9, 2025
ml-logger file handler allows reading arbitrary files
Moderate
CVE-2025-10952
was published
for
ml-logger
(pip)
Sep 25, 2025
Langchain Community Vulnerable to XML External Entity (XXE) Attacks
High
CVE-2025-6984
was published
for
langchain-community
(pip)
Sep 4, 2025
Apache Superset data query improperly discloses database schema information to low-privileged guest user
Moderate
CVE-2025-55673
was published
for
apache-superset
(pip)
Aug 14, 2025
Indico vulnerability allows attackers to bulk dump user details
Moderate
CVE-2025-53640
was published
for
indico
(pip)
Jul 14, 2025
Nautobot may allows uploaded media files to be accessible without authentication
Moderate
CVE-2025-49143
was published
for
nautobot
(pip)
Jun 10, 2025
BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2025-49653
was published
for
backend.ai
(pip)
Jun 9, 2025
Apache IoTDB Discloses Sensitive Information via Log Files
Moderate
CVE-2025-26864
was published
for
apache-iotdb
(Maven)
May 14, 2025
Frappe vulnerable to information disclosure leading to account takeover
High
CVE-2025-30214
was published
for
frappe
(pip)
Mar 25, 2025
sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb
High
CVE-2024-41672
was published
for
duckdb
(pip)
Jan 21, 2025
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
High
CVE-2024-56509
was published
for
changedetection.io
(pip)
Dec 27, 2024
Gradio vulnerable to arbitrary file read with File and UploadButton components
Moderate
CVE-2024-51751
was published
for
gradio
(pip)
Nov 6, 2024
Gradio has several components with post-process steps allow arbitrary file leaks
Moderate
CVE-2024-47868
was published
for
gradio
(pip)
Oct 10, 2024
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Low
CVE-2024-7038
was published
for
open-webui
(pip)
Oct 9, 2024
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
High
CVE-2024-47532
was published
for
RestrictedPython
(pip)
Sep 30, 2024
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
Moderate
CVE-2024-8072
was published
for
mage-ai
(pip)
Aug 22, 2024
openstack-heat may disclose sensitive information
Moderate
CVE-2024-7319
was published
for
openstack-heat
(pip)
Aug 2, 2024
ProTip!
Advisories are also available from the
GraphQL API