GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,642 advisories

TorchServe script references S3 bucket without ensuring ownership or confirming accessibility Moderate
CVE-2024-6577 was published for torchserve (pip) Mar 20, 2025
Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint Moderate
CVE-2024-7033 was published for open-webui (pip) Mar 20, 2025
Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint Moderate
CVE-2024-7034 was published for open-webui (pip) Mar 20, 2025
Aim External Control of File Name or Path vulnerability Critical
CVE-2024-6829 was published for aim (pip) Mar 20, 2025
MLflow Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-6838 was published for mlflow (pip) Mar 20, 2025
Open WebUI Allows Arbitrary File Reading and Deletion High
CVE-2024-7043 was published for open-webui (pip) Mar 20, 2025
Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload Moderate
CVE-2024-7044 was published for open-webui (pip) Mar 20, 2025
Flask-CORS improper regex path matching vulnerability Moderate
CVE-2024-6839 was published for flask-cors (pip) Mar 20, 2025
Flask-CORS vulnerable to Improper Handling of Case Sensitivity Moderate
CVE-2024-6866 was published for flask-cors (pip) Mar 20, 2025
Aim Uncontrolled Resource Consumption vulnerability High
CVE-2024-12778 was published for aim (pip) Mar 20, 2025
Open WebUI has vulnerable dependency on starlette via fastapi High
CVE-2024-12868 was published for open-webui (pip) Mar 20, 2025
LlamaIndex SQL Injection vulnerability Critical
CVE-2024-12909 was published for llama-index (pip) Mar 20, 2025
LlamaIndex Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-12910 was published for llama-index (pip) Mar 20, 2025
LlamaIndex vulnerable to Creation of Temporary File in Directory with Insecure Permissions High
CVE-2024-12911 was published for llama-index (pip) Mar 20, 2025
Aim Relative Path Traversal vulnerability Moderate
CVE-2024-6483 was published for aim (pip) Mar 20, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12537 was published for open-webui (npm) Mar 20, 2025
Transformers Regular Expression Denial of Service (ReDoS) vulnerability Moderate
CVE-2024-12720 was published for transformers (pip) Mar 20, 2025
LlamaIndex Improper Handling of Exceptional Conditions vulnerability High
CVE-2024-12704 was published for llama_index (pip) Mar 20, 2025
FastChat Server-Side Request Forgery vulnerability High
CVE-2024-12376 was published for fschat (pip) Mar 20, 2025
imaginAIry Denial of Service (DoS) vulnerability High
CVE-2024-12761 was published for imaginAIry (pip) Mar 20, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12534 was published for open-webui (npm) Mar 20, 2025
BentoML Open Redirect vulnerability Moderate
CVE-2024-12760 was published for bentoml (pip) Mar 20, 2025
BentoML vulnerable to Uncontrolled Resource Consumption High
CVE-2024-12759 was published for bentoml (pip) Mar 20, 2025
Aim vulnerable to Synchronous Access of Remote Resource without Timeout Moderate
CVE-2024-12777 was published for aim (pip) Mar 20, 2025
Feast Cross-Origin Resource Sharing vulnerability High
CVE-2024-11602 was published for feast (pip) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API