GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,966
Erlang
29
GitHub Actions
16
Go
1,747
Maven
4,975
npm
3,507
NuGet
609
pip
3,072
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
19,347 advisories
Filter by severity
Minimal `basti` IAM Policy Allows Shell Access
Low
GHSA-q4pp-j36h-3gqg
was published
for
basti-cdk
(npm)
Aug 24, 2023
Insufficient Protection against HTTP Request Smuggling in mitmproxy
Critical
CVE-2022-24766
was published
for
mitmproxy
(pip)
Mar 22, 2022
Server-Side Request Forgery in calibreweb
Critical
CVE-2022-0766
was published
for
calibreweb
(pip)
Mar 8, 2022
Server-Side Request Forgery in calibreweb
Critical
CVE-2022-0767
was published
for
calibreweb
(pip)
Mar 8, 2022
calibre-web is vulnerable to Business Logic Errors
Critical
CVE-2021-4171
was published
for
calibreweb
(pip)
Jan 21, 2022
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43572
was published
for
starkbank-ecdsa
(pip)
Nov 10, 2021
Remote code execution in dask
Critical
CVE-2021-42343
was published
for
distributed
(pip)
Oct 27, 2021
Missing Authentication for Critical Function in Apache Airflow
Critical
CVE-2021-38540
was published
for
apache-airflow
(pip)
May 24, 2022
Arbitrary code execution due to YAML deserialization
Critical
CVE-2021-37678
was published
for
tensorflow
(pip)
Aug 25, 2021
Improper Input Validation in PyYAML
Critical
CVE-2020-14343
was published
for
PyYAML
(pip)
Mar 25, 2021
Arbitrary code execution in clickhouse-driver
Critical
CVE-2020-26759
was published
for
clickhouse-driver
(pip)
Apr 7, 2021
remote code execution via cache action in MoinMoin
Critical
CVE-2020-25074
was published
for
moin
(pip)
Nov 11, 2020
Unsafe deserialization in MLAlchemy
Critical
CVE-2017-16615
was published
for
MLAlchemy
(pip)
Jul 13, 2018
Ansible fails to properly mark lookup-plugin results as unsafe
Critical
CVE-2017-7481
was published
for
ansible
(pip)
Sep 6, 2018
Deserialization of Untrusted Data in superset
Critical
CVE-2018-8021
was published
for
superset
(pip)
Nov 9, 2018
Ansible fails to properly sanitize fact variables sent from the Ansible controller
Critical
CVE-2016-8628
was published
for
ansible
(pip)
Oct 10, 2018
Loaded Databook of Tablib prone to python insertion resulting in command execution
Critical
CVE-2017-2810
was published
for
tablib
(pip)
Jul 13, 2018
Withdrawn Advisory: kubernetes-nmstate Insecure Privilege Management
High
CVE-2020-1742
was published
for
github.com/nmstate/kubernetes-nmstate
(Go)
May 24, 2022
•
withdrawn
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
Critical
CVE-2020-10594
was published
for
drf-jwt
(pip)
Jun 5, 2020
Active Support Possibly Discloses Locally Encrypted Files
Low
CVE-2023-38037
was published
for
activesupport
(RubyGems)
Aug 23, 2023
SilverStripe CMS Cross-site Scripting vulnerabilities inherited from TinyMCE
Moderate
GHSA-jxcx-3h54-qqxx
was published
for
silverstripe/admin
(Composer)
Aug 23, 2023
ProTip!
Advisories are also available from the
GraphQL API