Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

285 advisories

Loading
Plone Cross-site scripting Vulnerability Low
CVE-2012-5502 was published for plone (pip) May 17, 2022
ceph-deploy uses world-readable permissions on client.admin key Low
CVE-2015-4053 was published for ceph-deploy (pip) May 17, 2022
OpenStack Neutron Race condition vulnerability Low
CVE-2015-5240 was published for neutron (pip) May 17, 2022
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces Low
CVE-2013-4347 was published for oauth2 (pip) May 17, 2022
ceph-deploy allows local users to obtain sensitive information by reading the file Low
CVE-2015-3010 was published for ceph-deploy (pip) May 17, 2022
Urllib3 Incorrect Certificate Validation Low
CVE-2016-9015 was published for urllib3 (pip) May 17, 2022
Salt uses weak permissions on the cache data Low
CVE-2015-8034 was published for salt (pip) May 17, 2022
Loggerhead XSS via filename Low
CVE-2011-0728 was published for loggerhead (pip) May 17, 2022
MoinMoin Cross-site Scripting (XSS) vulnerability Low
CVE-2011-1058 was published for moin (pip) May 17, 2022
Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules Low
CVE-2012-2101 was published for nova (pip) May 17, 2022
OpenStack Keystone intended authorization restrictions bypass Low
CVE-2012-5571 was published for Keystone (pip) May 17, 2022
OpenStack Glance is vulnerable to Exposure of Sensitive Information Low
CVE-2013-1840 was published for glance (pip) May 17, 2022
RPLY Predictable Tmpfile Names Allows Cache Spoofing Low
CVE-2014-1604 was published for RPLY (pip) May 17, 2022
pyxdg Arbitrary File Overwrite via Race Condition Low
CVE-2014-1624 was published for pyxdg (pip) May 17, 2022
Django User Enumeration Vulnerability Low
CVE-2016-2513 was published for django (pip) May 17, 2022
MarkLee131
python-keystoneclient unsecure user password update Low
CVE-2013-2013 was published for python-keystoneclient (pip) May 17, 2022
OpenStack Heat template URL information leakage Low
CVE-2014-3801 was published for openstack-heat (pip) May 14, 2022
Libcloud does not properly scrub data when destroying a DigitalOcean node Low
CVE-2013-6480 was published for apache-libcloud (pip) May 14, 2022
Django data leakage via querystring manipulation in admin Low
CVE-2014-0483 was published for Django (pip) May 14, 2022
MarkLee131
Ansible uses a socket with predictable filename in /tmp Low
CVE-2013-4259 was published for Ansible (pip) May 14, 2022
Ansible Arbitrary File Overwrite Vulnerability Low
CVE-2013-4260 was published for ansible (pip) May 14, 2022
OpenStack Nova live snapshots use an insecure local directory Low
CVE-2013-7048 was published for nova (pip) May 14, 2022
OpenStack Oslo utility sensitive information exposure via log files Low
CVE-2014-7231 was published for oslo.utils (pip) May 14, 2022
httplib2 incorrectly checks SSL certificate Low
CVE-2013-2037 was published for httplib2 (pip) May 14, 2022
Improper Link Resolution Before File Access in Suds Low
CVE-2013-2217 was published for suds (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API