Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,068 advisories

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface Low
CVE-2014-3594 was published for horizon (pip) May 13, 2022
OpenStack Nova live snapshots use an insecure local directory Low
CVE-2013-7048 was published for nova (pip) May 14, 2022
Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules Low
CVE-2012-2101 was published for nova (pip) May 17, 2022
OpenStack Neutron Race condition vulnerability Low
CVE-2015-5240 was published for neutron (pip) May 17, 2022
OpenStack Nova VMWare driver leaks rescued images Low
CVE-2014-2573 was published for nova (pip) May 17, 2022
OpenStack Nova denial of service through compressed disk images Low
CVE-2013-4463 was published for nova (pip) May 17, 2022
OpenStack Nova host data leak to vm instance in rescue mode Low
CVE-2014-0134 was published for nova (pip) May 17, 2022
OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image Low
CVE-2013-4469 was published for nova (pip) May 17, 2022
OpenStack Keystone Sensitive information disclosure via log files Low
CVE-2013-2006 was published for keystone (pip) May 17, 2022
OpenStack Oslo utility sensitive information exposure via log files Low
CVE-2014-7231 was published for oslo.utils (pip) May 14, 2022
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots Low
CVE-2013-4183 was published for cinder (pip) May 17, 2022
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors Low
CVE-2013-4278 was published for nova (pip) May 17, 2022
OpenStack Nova Changing vnic_type breaks compute service restart Low
CVE-2022-37394 was published for nova (pip) Aug 4, 2022
OpenStack Glance is vulnerable to Exposure of Sensitive Information Low
CVE-2013-1840 was published for glance (pip) May 17, 2022
OpenStack Glance sensitive information disclosure via logs Low
CVE-2014-1948 was published for glance (pip) May 17, 2022
Local File Inclusion vulnerability in zmarkdown Low
GHSA-mq6v-w35g-3c97 was published for zmarkdown (npm) Feb 3, 2024
gustavi
containerd started with non-empty inheritable Linux process capabilities Low
GHSA-c9cp-9c75-9v8c was published for github.com/containerd/containerd (Go) May 14, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources Low
CVE-2022-21673 was published for github.com/grafana/grafana (Go) May 14, 2024
mxalis
datadog/dd-trace Circumvents open_basedir INI directive Low
GHSA-qvgg-r6rq-vwfx was published for datadog/dd-trace (Composer) May 15, 2024
Laravel Encrypter Failure to decryption vulnerability Low
GHSA-6wjw-qf87-fv5v was published for illuminate/encryption (Composer) May 15, 2024
Monolog Header injection in NativeMailerHandler Low
GHSA-f57v-q966-7fh6 was published for monolog/monolog (Composer) May 15, 2024
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r95h-9x8f-r3f7 was published for nokogiri (RubyGems) May 13, 2024
CommanderStorm postmodern
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r3w4-36x6-7r99 was published for nokogiri (RubyGems) May 14, 2024 withdrawn
Django data leakage via querystring manipulation in admin Low
CVE-2014-0483 was published for Django (pip) May 14, 2022
MarkLee131
Insecure deserialize Vulnerability in FLOW3 Low
GHSA-7h74-7vcw-4mwp was published for neos/flow (Composer) May 17, 2024
ProTip! Advisories are also available from the GraphQL API