Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,079 advisories

Loading
OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image Low
CVE-2013-4469 was published for nova (pip) May 17, 2022
OpenStack Nova host data leak to vm instance in rescue mode Low
CVE-2014-0134 was published for nova (pip) May 17, 2022
OpenStack Nova denial of service through compressed disk images Low
CVE-2013-4463 was published for nova (pip) May 17, 2022
OpenStack Nova VMWare driver leaks rescued images Low
CVE-2014-2573 was published for nova (pip) May 17, 2022
OpenStack Neutron Race condition vulnerability Low
CVE-2015-5240 was published for neutron (pip) May 17, 2022
Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules Low
CVE-2012-2101 was published for nova (pip) May 17, 2022
OpenStack Nova live snapshots use an insecure local directory Low
CVE-2013-7048 was published for nova (pip) May 14, 2022
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface Low
CVE-2014-3594 was published for horizon (pip) May 13, 2022
sshproxy vulnerable to SSH option injection Low
CVE-2024-34713 was published for github.com/cea-hpc/sshproxy (Go) May 14, 2024
TYPO3 vulnerable to an HTML Injection in the History Module Low
CVE-2024-34355 was published for typo3/cms-core (Composer) May 14, 2024
andreaskienast bnf
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage Low
CVE-2024-34079 was published for github.com/octo-sts/app (Go) May 13, 2024
enj
Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel Low
CVE-2024-34349 was published for sylius/sylius (Composer) May 10, 2024
thelounge may publicly disclose of all usernames/idents via port 113 Low
GHSA-g49q-jw42-6x85 was published for thelounge (npm) May 9, 2024
Juerd
Openstack nova qcow format could expose host filesystem information Low
CVE-2011-3147 was published for nova (pip) Apr 22, 2022
OpenStack Nova can leak consoleauth token into log files Low
CVE-2015-9543 was published for Nova (pip) May 24, 2022
Django User Enumeration Vulnerability Low
CVE-2016-2513 was published for django (pip) May 17, 2022
MarkLee131
Kimai information disclosure vulnerability Low
CVE-2024-4596 was published for kimai/kimai (Composer) May 7, 2024
Firebase vulnerable to CRSF attack Low
CVE-2024-4128 was published for firebase-tools (npm) May 2, 2024
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext Low
CVE-2024-34147 was published for org.jenkins-ci.plugins:telegrambot (Maven) May 2, 2024
Regular expression denial-of-service in Django Low
CVE-2024-27351 was published for django (pip) Mar 15, 2024
MarkLee131
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet` Low
CVE-2024-32882 was published for wagtail (pip) May 1, 2024
jams2 Morsey187
RealOrangeOne laymonage
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin Low
CVE-2024-3177 was published for k8s.io/kubernetes (Go) Apr 23, 2024
Undici proxy-authorization header not cleared on cross-origin redirect in fetch Low
CVE-2024-24758 was published for undici (npm) Feb 16, 2024
T1m0n0 mcollina
SaltStack Salt Improper Authentication via Man in the Middle Attack Low
CVE-2022-22935 was published for salt (pip) Mar 30, 2022
XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets Low
CVE-2024-31573 was published for org.xmlunit:xmlunit-core (Maven) May 1, 2024
c1gar
ProTip! Advisories are also available from the GraphQL API