Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,736
Maven
5,000+
npm
4,336
NuGet
764
pip
4,110
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,565 advisories

Loading
Composio Eval Injection Vulnerability High
CVE-2024-8953 was published for composio-core (pip) Mar 20, 2025
AgentScope Cross-Origin Resource Sharing (CORS) vulnerability High
CVE-2024-8487 was published for agentscope (pip) Mar 20, 2025
H2O Vulnerable to Arbitrary File Overwrite High
CVE-2024-8616 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
AgentScope Path Traversal in /api/file High
CVE-2024-8438 was published for agentscope (pip) Mar 20, 2025
AgentScope directory traversal vulnerability in /read-examples High
CVE-2024-8524 was published for agentscope (pip) Mar 20, 2025
AgentScope arbitrary file download vulnerability in rpc_agent_client High
CVE-2024-8501 was published for agentscope (pip) Mar 20, 2025
Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions High
CVE-2024-8060 was published for open-webui (pip) Mar 20, 2025
Aim allows denial of service due to no timeouts for some tracking server endpoints High
CVE-2024-8061 was published for aim (pip) Mar 20, 2025
Open WebUI denial of service through endpoint for converting markdown High
CVE-2024-7983 was published for open-webui (pip) Mar 20, 2025
Prefect CORS (Cross-Origin Resource Sharing) misconfiguration High
CVE-2024-8183 was published for prefect (pip) Mar 20, 2025
srsapient
Credited to srsapient
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint High
CVE-2024-8053 was published for open-webui (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request High
CVE-2024-8062 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Open WebUI stored cross-site scripting (XSS) vulnerability High
CVE-2024-7990 was published for open-webui (pip) Mar 20, 2025
PyTorch Lightning denial of service vulnerability High
CVE-2024-8020 was published for pytorch-lightning (pip) Mar 20, 2025
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file High
GHSA-6wj5-5pgr-jwq8 was published for open-webui (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint High
CVE-2024-7768 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Open Neural Network Exchange (ONNX) Path Traversal Vulnerability High
CVE-2024-7776 was published for onnx (pip) Mar 20, 2025
Aim vulnerable to Cross-Site Request Forgery High
CVE-2024-7760 was published for aim (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing High
CVE-2024-7765 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Open WebUI has SSRF in /openai/models High
CVE-2024-7959 was published for open-webui (pip) Mar 20, 2025
Open WebUI Vulnerable to a Session Fixation Attack High
CVE-2024-7053 was published for open-webui (pip) Mar 20, 2025
Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability High
CVE-2024-7806 was published for open-webui (pip) Mar 20, 2025
Gunicorn HTTP Request/Response Smuggling vulnerability High
CVE-2024-6827 was published for gunicorn (pip) Mar 20, 2025
xzpjerry
Credited to xzpjerry
Open WebUI Allows Admin Deletion via API Endpoint High
CVE-2024-7039 was published for open-webui (pip) Mar 20, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-7036 was published for open-webui (pip) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database