Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

101 advisories

Loading
Gradio vulnerable to arbitrary file read with File and UploadButton components Moderate
CVE-2024-51751 was published for gradio (pip) Nov 6, 2024
ifratric
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
openstack-heat may disclose sensitive information Moderate
CVE-2024-7319 was published for openstack-heat (pip) Aug 2, 2024
Arbitrary system path lookup in h20 Moderate
CVE-2024-5550 was published for h2o (pip) Jun 6, 2024
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints Moderate
CVE-2024-35189 was published for ethyca-fides (pip) Jun 2, 2024
adamsachs
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Carreau
andrii-i dlqqq yuvipanda
Scrapy leaks the authorization header on same-domain but cross-origin redirects Moderate
CVE-2024-1968 was published for Scrapy (pip) May 14, 2024
Szarny
Nebari prints temporary Keycloak root password Moderate
CVE-2024-34529 was published for nebari (pip) May 6, 2024
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Moderate
CVE-2024-31869 was published for apache-airflow (pip) Apr 18, 2024
Information leakage in YAQL Moderate
CVE-2024-29156 was published for yaql (pip) Mar 18, 2024
Apache Superset: Improper error handling on alerts Moderate
CVE-2024-27315 was published for apache-superset (pip) Feb 28, 2024
oscerd
NoneBot Potential Information Leak in User-Constructed Message Templates Moderate
CVE-2024-21624 was published for nonebot2 (pip) Feb 9, 2024
mnixry
User accounts disclosed to unauthenticated actors on the LAN Moderate
CVE-2023-50715 was published for homeassistant (pip) Dec 15, 2023
r01k
Exposure of Sensitive Information in mltable Moderate
CVE-2023-35625 was published for mltable (pip) Dec 12, 2023
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-42505 was published for apache-superset (pip) Nov 28, 2023
Clear Text Credentials Exposed via Onboarding Task Moderate
CVE-2023-48700 was published for nautobot-device-onboarding (pip) Nov 21, 2023
whitej6 jeffkala
bryanculver scetron glennmatthews
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2023-42781 was published for apache-airflow (pip) Nov 12, 2023
Synapse vulnerable to leak of remote user device information Moderate
CVE-2023-43796 was published for matrix-synapse (pip) Oct 31, 2023
Home Assistant vulnerable to account takeover via auth_callback login Moderate
CVE-2023-41893 was published for homeassistant (pip) Oct 26, 2023
Fides Information Disclosure Vulnerability in Config API Endpoint Moderate
CVE-2023-46125 was published for ethyca-fides (pip) Oct 24, 2023
h0wl
Apache Airflow vulnerable to Exposure of Sensitive Information Moderate
CVE-2023-46288 was published for apache-airflow (pip) Oct 23, 2023
urllib3's request body not stripped after redirect from 303 status changes request method to GET Moderate
CVE-2023-45803 was published for urllib3 (pip) Oct 17, 2023
ranjit-git illia-v
sethmlarson
Authorization Header forwarded on redirect Moderate
CVE-2018-25091 was published for urllib3 (pip) Oct 15, 2023
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only Moderate
CVE-2023-45348 was published for apache-airflow (pip) Oct 14, 2023
sunSUNQ
ProTip! Advisories are also available from the GraphQL API