GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,956
Erlang: 29
GitHub Actions: 16
Go: 1,740
Maven: 4,967
npm: 3,507
NuGet: 609
pip: 3,064
Pub: 10
RubyGems: 832
Rust: 780
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
279 advisories
Salt uses weak permissions on the cache data
Low. CVE-2015-8034 was published for salt (pip), May 17, 2022

MoinMoin Cross-site Scripting (XSS) vulnerability
Low. CVE-2011-1058 was published for moin (pip), May 17, 2022

Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
Low. CVE-2012-2101 was published for nova (pip), May 17, 2022

OpenStack Keystone intended authorization restrictions bypass
Low. CVE-2012-5571 was published for Keystone (pip), May 17, 2022

OpenStack Glance is vulnerable to Exposure of Sensitive Information
Low. CVE-2013-1840 was published for glance (pip), May 17, 2022

RPLY Predictable Tmpfile Names Allows Cache Spoofing
Low. CVE-2014-1604 was published for RPLY (pip), May 17, 2022

pyxdg Arbitrary File Overwrite via Race Condition
Low. CVE-2014-1624 was published for pyxdg (pip), May 17, 2022

python-keystoneclient unsecure user password update
Low. CVE-2013-2013 was published for python-keystoneclient (pip), May 17, 2022

OpenStack Heat template URL information leakage
Low. CVE-2014-3801 was published for openstack-heat (pip), May 14, 2022

Libcloud does not properly scrub data when destroying a DigitalOcean node
Low. CVE-2013-6480 was published for apache-libcloud (pip), May 14, 2022

Django data leakage via querystring manipulation in admin
Low. CVE-2014-0483 was published for Django (pip), May 14, 2022

Ansible Arbitrary File Overwrite Vulnerability
Low. CVE-2013-4260 was published for ansible (pip), May 14, 2022

Ansible uses a socket with predictable filename in /tmp
Low. CVE-2013-4259 was published for Ansible (pip), May 14, 2022

OpenStack Nova live snapshots use an insecure local directory
Low. CVE-2013-7048 was published for nova (pip), May 14, 2022

OpenStack Oslo utility sensitive information exposure via log files
Low. CVE-2014-7231 was published for oslo.utils (pip), May 14, 2022

httplib2 incorrectly checks SSL certificate
Low. CVE-2013-2037 was published for httplib2 (pip), May 14, 2022

Improper Link Resolution Before File Access in Suds
Low. CVE-2013-2217 was published for suds (pip), May 14, 2022

MySQL Connectors Privilege Escalation
Low. CVE-2017-3590 was published for mysql-connector-python (pip), May 13, 2022

OpenStack Horizon Cross-site scripting (XSS) vulnerability
Low. CVE-2014-3474 was published for horizon (pip), May 13, 2022

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface
Low. CVE-2014-3594 was published for horizon (pip), May 13, 2022

Improper Link Resolution Before File Access in pip
Low. CVE-2013-1888 was published for pip (pip), May 13, 2022

pip lack of randomness in build directory
Low. CVE-2014-8991 was published for pip (pip), May 13, 2022

MoinMoin Cross-site Scripting (XSS) vulnerability
Low. CVE-2010-0828 was published for moin (pip), May 2, 2022
ProTip! Advisories are also available from the GraphQL API.