Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

253 advisories

Loading
Sentry's Python SDK unintentionally exposes environment variables to subprocesses Low
CVE-2024-40647 was published for sentry-sdk (pip) Jul 18, 2024
kmichel-aiven Credited to kmichel-aiven and cgurnik cgurnik cgurnik
Vanna vulnerable to SQL Injection High
CVE-2024-5753 was published for vanna (pip) Jul 5, 2024
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access High
CVE-2024-32498 was published for cinder (pip) Jul 5, 2024
Arbitrary system path lookup in h20 Moderate
CVE-2024-5550 was published for h2o (pip) Jun 6, 2024
Jupyter server on Windows discloses Windows user password hash High
CVE-2024-35178 was published for jupyter_server (pip) Jun 6, 2024
nvn1729 Credited to nvn1729
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints Moderate
CVE-2024-35189 was published for ethyca-fides (pip) Jun 2, 2024
adamsachs Credited to adamsachs
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Credited to krassowski, Carreau, andrii-i, dlqqq, and yuvipanda Carreau Carreau
andrii-i andrii-i dlqqq dlqqq yuvipanda yuvipanda
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects High
GHSA-cg34-w3fm-82h3 was published for scrapy (pip) May 20, 2024 withdrawn
Scrapy leaks the authorization header on same-domain but cross-origin redirects Moderate
CVE-2024-1968 was published for Scrapy (pip) May 14, 2024
Szarny Credited to Szarny
Nebari prints temporary Keycloak root password Moderate
CVE-2024-34529 was published for nebari (pip) May 6, 2024
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Moderate
CVE-2024-31869 was published for apache-airflow (pip) Apr 18, 2024
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect High
GHSA-4q82-j5c2-g2c5 was published for scrapy (pip) Apr 16, 2024 withdrawn
Unauthenticated views may expose information to anonymous users Low
CVE-2024-29199 was published for nautobot (pip) Mar 26, 2024
joewesch Credited to joewesch
Information leakage in YAQL Moderate
CVE-2024-29156 was published for yaql (pip) Mar 18, 2024
Apache Superset: Improper error handling on alerts Moderate
CVE-2024-27315 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
Scrapy authorization header leakage on cross-domain redirect High
CVE-2024-3574 was published for scrapy (pip) Feb 15, 2024
ranjit-git Credited to ranjit-git
NoneBot Potential Information Leak in User-Constructed Message Templates Moderate
CVE-2024-21624 was published for nonebot2 (pip) Feb 9, 2024
mnixry Credited to mnixry
DIRAC's TokenManager does not check permissions on cached tokens Critical
CVE-2024-24825 was published for DIRAC (pip) Feb 8, 2024
chaen Credited to chaen, aldbr, and chrisburr aldbr aldbr
chrisburr chrisburr
JupyterLab vulnerable to potential authentication and CSRF tokens leak High
CVE-2024-22421 was published for jupyterlab (pip) Jan 19, 2024
davwwwx Credited to davwwwx
User accounts disclosed to unauthenticated actors on the LAN Moderate
CVE-2023-50715 was published for homeassistant (pip) Dec 15, 2023
r01k Credited to r01k
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability Critical
CVE-2023-6572 was published for gradio (pip) Dec 14, 2023
Unauthenticated db-file-storage views Low
CVE-2023-50263 was published for nautobot (pip) Dec 13, 2023
Kircheneer Credited to Kircheneer
Exposure of Sensitive Information in mltable Moderate
CVE-2023-35625 was published for mltable (pip) Dec 12, 2023
Information exposure in MLflow High
CVE-2023-43472 was published for mlflow (pip) Dec 5, 2023
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-42505 was published for apache-superset (pip) Nov 28, 2023
ProTip! Advisories are also available from the GraphQL API