GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
Sentry vulnerable to invite code reuse via cookie manipulation
Moderate
CVE-2022-23485
was published
for
sentry
(pip)
Dec 12, 2022
GitPython vulnerable to Remote Code Execution due to improper user input validation
Critical
CVE-2022-24439
was published
for
GitPython
(pip)
Dec 6, 2022
Arches vulnerable to execution of arbitrary SQL
High
CVE-2022-41892
was published
for
arches
(pip)
Nov 11, 2022
cleo is vulnerable to Regular Expression Denial of Service (ReDoS)
Moderate
CVE-2022-42966
was published
for
cleo
(pip)
Nov 10, 2022
Uncontrolled Resource Consumption in asyncua and opcua
High
CVE-2022-25304
was published
for
asyncua
(pip)
Aug 24, 2022
Ansible password prompts could expose passwords
High
CVE-2019-10206
was published
for
ansible
(pip)
May 24, 2022
Plone User account enumeration via crafted URL
Moderate
CVE-2012-5497
was published
for
plone
(pip)
May 17, 2022
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
High
CVE-2015-5163
was published
for
glance
(pip)
May 17, 2022
Cross-site Scripting in Mistune
Moderate
CVE-2017-15612
was published
for
mistune
(pip)
May 17, 2022
Improper Restriction of XML External Entity Reference in python-docx
High
CVE-2016-5851
was published
for
python-docx
(pip)
May 13, 2022
Incorrect Default Permissions in Cobbler
High
CVE-2021-45083
was published
for
cobbler
(pip)
Feb 21, 2022
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui
High
GHSA-v988-828w-xvf2
was published
for
rucio-webui
(pip)
Oct 22, 2021
Deserialization of Untrusted Data in ParlAI
Moderate
CVE-2021-24040
was published
for
parlai
(pip)
Sep 13, 2021
XML External Entity Injection in PyWPS
High
CVE-2021-39371
was published
for
pywps
(pip)
Sep 2, 2021
ProTip!
Advisories are also available from the
GraphQL API