GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
1,439 advisories
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
Moderate • CVE-2024-1727 was published for gradio (pip) • May 21, 2024

Duplicate Advisory: Cross-Site Request Forgery in Gradio
Moderate • GHSA-3x9g-xfj5-fq84 was published for gradio (pip) • Mar 21, 2024 • withdrawn

pubnub Insufficient Entropy vulnerability
Moderate • CVE-2023-26154 was published for Pubnub (RubyGems) • Dec 6, 2023

Policies not properly enforced in bluemonday
Moderate • CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) • Oct 19, 2021

Scrapy leaks the authorization header on same-domain but cross-origin redirects
Moderate • CVE-2024-1968 was published for Scrapy (pip) • May 14, 2024

aiosmtpd STARTTLS unencrypted commands injection
Moderate • CVE-2024-34083 was published for aiosmtpd (pip) • May 20, 2024

Denial-of-service possibility in logout() view by filling session store
Moderate • CVE-2015-5964 was published for Django (pip) • May 17, 2022

Cross-site request forgery in Django
Moderate • CVE-2011-0696 was published for django (pip) • Jul 23, 2018

Django Denial of Service Vulnerability in the authentication framework
Moderate • CVE-2013-1443 was published for django (pip) • May 17, 2022

MLflow allows low privilege users to delete any artifact
Moderate • CVE-2024-4263 was published for mlflow (pip) • May 16, 2024

Django database denial-of-service with ModelMultipleChoiceField
Moderate • CVE-2015-0222 was published for Django (pip) • May 17, 2022

OpenStack Glance Bypass the storage quota and Denial of service
Moderate • CVE-2014-9623 was published for glance (pip) • May 17, 2022

OpenStack Glance Denial of service by creating a large number of images
Moderate • CVE-2014-9684 was published for glance (pip) • May 17, 2022

OpenStack Glance Denial of service by creating a large number of images
Moderate • CVE-2015-1881 was published for glance (pip) • May 17, 2022

OpenStack Glance improper validation of the image_size_cap configuration option
Moderate • CVE-2014-5356 was published for glance (pip) • May 17, 2022

OpenStack Glance v2 API unrestricted path traversal through filesystem:// scheme
Moderate • CVE-2015-1195 was published for glance (pip) • May 14, 2022

OpenStack Swift Unauthorized delete of versioned Swift object
Moderate • CVE-2015-1856 was published for swift (pip) • May 14, 2022

OpenStack Swift metadata constraints are not correctly enforced
Moderate • CVE-2014-7960 was published for swift (pip) • May 17, 2022

OpenStack Swift allows authenticated users to cause a denial of service
Moderate • CVE-2013-4155 was published for swift (pip) • May 17, 2022

OpenStack Swift XML external entities (XXE) Injection
Moderate • CVE-2022-47950 was published for swift (pip) • Jan 18, 2023

OpenStack Horizon Cross-site Scripting (XSS)
Moderate • CVE-2017-7400 was published for horizon (pip) • May 14, 2022

OpenStack Nova Directory traversal vulnerability
Moderate • CVE-2012-3360 was published for nova (pip) • May 17, 2022

ProTip! Advisories are also available from the GraphQL API