GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
196 advisories
BBOT's gitlab.py exposes globally configured "gitlab" API key
Moderate
CVE-2025-10282
was published
for
bbot
(pip)
Oct 27, 2025
BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
Moderate
CVE-2025-10281
was published
for
bbot
(pip)
Oct 9, 2025
Indico vulnerability allows attackers to bulk dump user details
Moderate
CVE-2025-53640
was published
for
indico
(pip)
Jul 14, 2025
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Low
CVE-2024-40647
was published
for
sentry-sdk
(pip)
Jul 18, 2024
Frappe vulnerable to information disclosure leading to account takeover
High
CVE-2025-30214
was published
for
frappe
(pip)
Mar 25, 2025
urllib3's request body not stripped after redirect from 303 status changes request method to GET
Moderate
CVE-2023-45803
was published
for
urllib3
(pip)
Oct 17, 2023
sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb
High
CVE-2024-41672
was published
for
duckdb
(pip)
Jan 21, 2025
ProTip!
Advisories are also available from the
GraphQL API