Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Loading
Twisted CRLF Injection Moderate
CVE-2019-12387 was published for twisted (pip) Jun 10, 2019
vault-cli contains possible RCE when reading user-defined data Moderate
CVE-2021-43837 was published for vault-cli (pip) Dec 16, 2021
ewjoachim
CRLF injection in urllib3 Moderate
CVE-2020-26137 was published for urllib3 (pip) Jun 18, 2021
SQLFluff users with access to config file, using `libary_path` may call arbitrary python code Moderate
CVE-2023-36830 was published for sqlfluff (pip) Jul 6, 2023
Remote Code Execution in Red Discord Bot Moderate
CVE-2020-15140 was published for Red-DiscordBot (pip) Aug 21, 2020
douglascdev
Radicale regex metacharacters injection in the user name Moderate
CVE-2015-8748 was published for Radicale (pip) May 17, 2022
Apache Spark vulnerable to Log Injection Moderate
CVE-2022-31777 was published for org.apache.spark:spark-core (Maven) Nov 1, 2022
kurt-r2c
CRLF Injection in pypiserver Moderate
CVE-2019-6802 was published for pypiserver (pip) Jan 30, 2019
tdunlap607
OctoPrint vulnerable to Special Element Injection Moderate
CVE-2022-3607 was published for OctoPrint (pip) Oct 19, 2022
HTML injection in email and account expiry notifications Moderate
CVE-2021-21333 was published for matrix-synapse (pip) Mar 26, 2021
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through Moderate
CVE-2021-43818 was published for lxml (pip) Dec 13, 2021
pwntester
Invenio-App vulnerable to host header injection attack Moderate
CVE-2019-1020006 was published for invenio-app (pip) Jul 16, 2019
D-Tale Command Execution Vulnerability Moderate
CVE-2024-8862 was published for dtale (pip) Sep 16, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder Moderate
CVE-2024-45595 was published for dtale (pip) Sep 10, 2024
AfterSnows
Apache Airflow Potential Cross-site Scripting Vulnerability Moderate
CVE-2024-39863 was published for apache-airflow (pip) Jul 17, 2024
pyload Log Injection vulnerability Moderate
CVE-2024-21645 was published for pyload-ng (pip) Jan 8, 2024
PinkDraconian
Apache Superset vulnerable to Injection Moderate
CVE-2022-43720 was published for apache-superset (pip) Jan 16, 2023
ProTip! Advisories are also available from the GraphQL API