GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,097
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,657
NuGet: 638
pip: 3,264
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
1,125 advisories
pretix Stored Cross-site Scripting vulnerability
High | CVE-2024-8113 was published for pretix (pip) | Aug 23, 2024
OpenStack Neutron's unsupported dport option prevents applying security groups
High | CVE-2019-9735 was published for neutron (pip) | May 13, 2022
JupyterHub OAuthenticator elevation of privilege
High | CVE-2018-7206 was published for oauthenticator (pip) | May 13, 2022
OpenStack Neutron vulnerable to hardware address impersonation
High | CVE-2021-38598 was published for neutron (pip) | May 24, 2022
Heap-based Buffer Overflow in sqlite-vec
High | CVE-2024-46488 was published for sqlite-vec (RubyGems) | Sep 25, 2024
Base class whitelist configuration ignored in OAuthenticator
High | CVE-2020-26250 was published for oauthenticator (pip) | Dec 1, 2020
Special Element Injection in notebook
High | CVE-2021-32798 was published for notebook (pip) | Aug 23, 2021
Numpy arbitrary file write via symlink attack
High | CVE-2014-1859 was published for numpy (pip) | May 14, 2022
OAuth2 client ID and secret exposed through the web browser
High | CVE-2024-9014 was published for pgadmin4 (pip) | Sep 23, 2024
Arbitrary file overwrite in OpenStack Nova
High | CVE-2012-3447 was published for nova (pip) | May 17, 2022
MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
High | CVE-2023-34457 was published for MechanicalSoup (pip) | Jul 5, 2023
modoboa Cross-site Scripting vulnerability
High | CVE-2023-5689 was published for modoboa (pip) | Oct 20, 2023
MoinMoin Improper Access Control vulnerability
High | CVE-2009-4762 was published for moin (pip) | May 2, 2022
Mercurial has Incorrect Permission Assignment for Critical Resource
High | CVE-2017-9462 was published for mercurial (pip) | Jul 13, 2018
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set
High | CVE-2010-0667 was published for moin (pip) | May 2, 2022
Mercurial vulnerable to arbitrary code execution when converting Git repos
High | CVE-2016-3105 was published for mercurial (pip) | May 17, 2022
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
High | CVE-2019-11842 was published for matrix-sydent (pip) | May 24, 2022
Denial of service attack due to invalid JSON
High | CVE-2020-26890 was published for matrix-synapse (pip) | Nov 24, 2020
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
High | CVE-2022-31052 was published for matrix-synapse (pip) | Jun 29, 2022
Open redirect via transitional IPv6 addresses on dual-stack networks
High | CVE-2021-21392 was published for matrix-synapse (pip) | Apr 13, 2021
Denial of service due to incorrect application of event authorization rules
High | CVE-2022-31152 was published for matrix-synapse (pip) | Aug 31, 2022
ProTip! Advisories are also available from the GraphQL API.