Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,742
Maven
5,000+
npm
4,339
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

63 advisories

Loading
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack Critical
CVE-2025-62593 was published for ray (pip) Nov 26, 2025
JLLeitschuh avilum
Credited to JLLeitschuh and avilum
MLflow Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-1473 was published for mlflow (pip) Mar 20, 2025
Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability High
CVE-2024-7806 was published for open-webui (pip) Mar 20, 2025
Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2024-7035 was published for open-webui (pip) Mar 20, 2025
Aim vulnerable to Cross-Site Request Forgery High
CVE-2024-7760 was published for aim (pip) Mar 20, 2025
DB-GPT vulnerable to Cross-Site Request Forgery High
CVE-2024-10906 was published for dbgpt (pip) Mar 20, 2025
Cross-Site Request Forgery in CodeChecker API High
CVE-2024-53829 was published for codechecker (pip) Jan 21, 2025
Discookie
Credited to Discookie
pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints High
CVE-2024-39163 was published for pyspider (pip) Dec 4, 2024
Cross-Site Request Forgery (CSRF) in strawberry-graphql Moderate
CVE-2024-47082 was published for strawberry-graphql (pip) Sep 25, 2024
DoctorJohn graingert
Speedy1991
Credited to DoctorJohn, graingert, and Speedy1991
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files Moderate
CVE-2024-1727 was published for gradio (pip) May 21, 2024
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain High
CVE-2024-34069 was published for Werkzeug (pip) May 6, 2024
Ry0taK
Credited to Ry0taK
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations High
CVE-2024-2196 was published for aim (pip) Apr 10, 2024
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0
Credited to Th0h0
Duplicate Advisory: Cross-Site Request Forgery in Gradio Moderate
GHSA-3x9g-xfj5-fq84 was published for gradio (pip) Mar 21, 2024 withdrawn
ESPHome vulnerable to Authentication bypass via Cross site request forgery High
CVE-2024-29019 was published for esphome (pip) Mar 21, 2024
r3kumar
Credited to r3kumar
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation Critical
CVE-2024-22416 was published for pyload-ng (pip) Jan 19, 2024
PinkDraconian kaydoda
Credited to PinkDraconian and kaydoda
Apache Airflow Cross-Site Request Forgery vulnerability Moderate
CVE-2023-49920 was published for apache-airflow (pip) Dec 21, 2023
Cross-Site Request Forgery vulnerability in Prefect High
CVE-2023-6022 was published for prefect (pip) Nov 16, 2023
zangell44 bunchesofdonald
Credited to zangell44 and bunchesofdonald
modoboa Cross-Site Request Forgery vulnerability Moderate
CVE-2023-5690 was published for modoboa (pip) Oct 20, 2023
wger Workout Manager Cross-Site Request Forgery vulnerability High
CVE-2023-38759 was published for wger (pip) Aug 8, 2023
modoboa vulnerable to Cross-Site Request Forgery High
CVE-2023-2228 was published for modoboa (pip) Apr 21, 2023
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0438 was published for modoboa (pip) Jan 23, 2023
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0406 was published for modoboa (pip) Jan 19, 2023
Modoboa is vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-0398 was published for modoboa (pip) Jan 19, 2023
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database