GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,793
Erlang
36
GitHub Actions
29
Go
2,377
Maven
5,000+
npm
4,002
NuGet
720
pip
3,802
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+
1,470 advisories
Filter by severity
LiteLLM Reveals Portion of API Key via a Logging File
High
CVE-2024-9606
was published
for
litellm
(pip)
Mar 20, 2025
Quivr unauthenticated Denial of Service (DoS) via Multipart Boundary
High
CVE-2024-9229
was published
for
quivr-core
(pip)
Mar 20, 2025
BentoML Denial of Service (DoS) via Multipart Boundary
High
CVE-2024-9056
was published
for
bentoml
(pip)
Mar 20, 2025
LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
High
CVE-2024-8984
was published
for
litellm
(pip)
Mar 20, 2025
MLflow has a Local File Read/Path Traversal in dbfs
High
CVE-2024-8859
was published
for
mlflow
(pip)
Mar 20, 2025
Composio Eval Injection Vulnerability
High
CVE-2024-8953
was published
for
composio-core
(pip)
Mar 20, 2025
Gradio DOS in multipart boundry while uploading the file
High
CVE-2024-8966
was published
for
gradio
(pip)
Mar 20, 2025
AgentScope Cross-Origin Resource Sharing (CORS) vulnerability
High
CVE-2024-8487
was published
for
agentscope
(pip)
Mar 20, 2025
AgentScope arbitrary file download vulnerability in rpc_agent_client
High
CVE-2024-8501
was published
for
agentscope
(pip)
Mar 20, 2025
AgentScope directory traversal vulnerability in /read-examples
High
CVE-2024-8524
was published
for
agentscope
(pip)
Mar 20, 2025
H2O Vulnerable to Arbitrary File Overwrite
High
CVE-2024-8616
was published
for
ai.h2o:h2o-core
(Maven)
Mar 20, 2025
AgentScope Path Traversal in /api/file
High
CVE-2024-8438
was published
for
agentscope
(pip)
Mar 20, 2025
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint
High
CVE-2024-8053
was published
for
open-webui
(pip)
Mar 20, 2025
Prefect CORS (Cross-Origin Resource Sharing) misconfiguration
High
CVE-2024-8183
was published
for
prefect
(pip)
Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request
High
CVE-2024-8062
was published
for
ai.h2o:h2o-core
(Maven)
Mar 20, 2025
Aim allows denial of service due to no timeouts for some tracking server endpoints
High
CVE-2024-8061
was published
for
aim
(pip)
Mar 20, 2025
PyTorch Lightning denial of service vulnerability
High
CVE-2024-8020
was published
for
pytorch-lightning
(pip)
Mar 20, 2025
Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions
High
CVE-2024-8060
was published
for
open-webui
(pip)
Mar 20, 2025
Open WebUI stored cross-site scripting (XSS) vulnerability
High
CVE-2024-7990
was published
for
open-webui
(pip)
Mar 20, 2025
Open WebUI denial of service through endpoint for converting markdown
High
CVE-2024-7983
was published
for
open-webui
(pip)
Mar 20, 2025
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file
High
GHSA-6wj5-5pgr-jwq8
was published
for
open-webui
(pip)
Mar 20, 2025
Open Neural Network Exchange (ONNX) Path Traversal Vulnerability
High
CVE-2024-7776
was published
for
onnx
(pip)
Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint
High
CVE-2024-7768
was published
for
ai.h2o:h2o-core
(Maven)
Mar 20, 2025
Open WebUI has SSRF in /openai/models
High
CVE-2024-7959
was published
for
open-webui
(pip)
Mar 20, 2025
Open WebUI Vulnerable to a Session Fixation Attack
High
CVE-2024-7053
was published
for
open-webui
(pip)
Mar 20, 2025
ProTip!
Advisories are also available from the
GraphQL API