GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
268 advisories
Filter by severity
Ansible-Core vulnerable to content protections bypass
Low
CVE-2024-11079
was published
for
ansible-core
(pip)
Nov 12, 2024
configobj ReDoS exploitable by developer using values in a server-side configuration file
Low
CVE-2023-26112
was published
for
configobj
(pip)
Apr 3, 2023
sigstore has insufficient validation of integration timestamp during verification
Low
CVE-2024-55655
was published
for
sigstore
(pip)
Dec 11, 2024
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
Low
CVE-2024-53947
was published
for
apache-superset
(pip)
Dec 9, 2024
Certifi removes GLOBALTRUST root certificate
Low
CVE-2024-39689
was published
for
certifi
(pip)
Jul 5, 2024
PyJWT Issuer field partial matches allowed
Low
CVE-2024-53861
was published
for
PyJWT
(pip)
Dec 2, 2024
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
Low
CVE-2024-52008
was published
for
ethyca-fides
(pip)
Nov 26, 2024
OpenStack Nova host data leak to vm instance in rescue mode
Low
CVE-2014-0134
was published
for
nova
(pip)
May 17, 2022
Vyper's external calls can overflow return data to return input buffer
Low
CVE-2024-24560
was published
for
vyper
(pip)
Feb 2, 2024
LIEF obtain sensitive information via the name parameter
Low
CVE-2024-31636
was published
for
lief
(pip)
May 3, 2024
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Low
CVE-2023-49297
was published
for
PyDrive2
(pip)
Dec 5, 2023
Nautobot missing object-level permissions enforcement when running Job Buttons
Low
CVE-2023-51649
was published
for
nautobot
(pip)
Dec 22, 2023
Unauthenticated db-file-storage views
Low
CVE-2023-50263
was published
for
nautobot
(pip)
Dec 13, 2023
OpenStack Nova Scheduler denial of service through scheduler_hints
Low
CVE-2012-3371
was published
for
Nova
(pip)
May 17, 2022
Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
Low
CVE-2012-2101
was published
for
nova
(pip)
May 17, 2022
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Low
CVE-2022-4134
was published
for
glance
(pip)
Mar 7, 2023
OpenStack Keystone Sensitive information disclosure via log files
Low
CVE-2013-2006
was published
for
keystone
(pip)
May 17, 2022
Zope allows local users to read arbitrary files
Low
CVE-2006-3458
was published
for
Zope2
(pip)
May 1, 2022
OpenStack Keystone intended authorization restrictions bypass
Low
CVE-2012-5571
was published
for
Keystone
(pip)
May 17, 2022
CHECK-fail in `QuantizeAndDequantizeV4Grad`
Low
CVE-2021-29544
was published
for
tensorflow
(pip)
May 21, 2021
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Low
CVE-2023-23934
was published
for
Werkzeug
(pip)
Feb 15, 2023
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Low
CVE-2020-15239
was published
for
xmpp-http-upload
(pip)
Oct 6, 2020
vantage6 does not properly delete linked resources when deleting a collaboration
Low
CVE-2023-41881
was published
for
vantage6
(pip)
Oct 16, 2023
ProTip!
Advisories are also available from the
GraphQL API