GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

279 advisories

Salt uses weak permissions on the cache data Low
CVE-2015-8034 was published for salt (pip) May 17, 2022
Loggerhead XSS via filename Low
CVE-2011-0728 was published for loggerhead (pip) May 17, 2022
MoinMoin Cross-site Scripting (XSS) vulnerability Low
CVE-2011-1058 was published for moin (pip) May 17, 2022
OpenStack Keystone intended authorization restrictions bypass Low
CVE-2012-5571 was published for Keystone (pip) May 17, 2022
OpenStack Glance is vulnerable to Exposure of Sensitive Information Low
CVE-2013-1840 was published for glance (pip) May 17, 2022
RPLY Predictable Tmpfile Names Allows Cache Spoofing Low
CVE-2014-1604 was published for RPLY (pip) May 17, 2022
pyxdg Arbitrary File Overwrite via Race Condition Low
CVE-2014-1624 was published for pyxdg (pip) May 17, 2022
Django User Enumeration Vulnerability Low
CVE-2016-2513 was published for django (pip) May 17, 2022
python-keystoneclient unsecure user password update Low
CVE-2013-2013 was published for python-keystoneclient (pip) May 17, 2022
OpenStack Heat template URL information leakage Low
CVE-2014-3801 was published for openstack-heat (pip) May 14, 2022
Libcloud does not properly scrub data when destroying a DigitalOcean node Low
CVE-2013-6480 was published for apache-libcloud (pip) May 14, 2022
Django data leakage via querystring manipulation in admin Low
CVE-2014-0483 was published for Django (pip) May 14, 2022
Ansible Arbitrary File Overwrite Vulnerability Low
CVE-2013-4260 was published for ansible (pip) May 14, 2022
Ansible uses a socket with predictable filename in /tmp Low
CVE-2013-4259 was published for Ansible (pip) May 14, 2022
OpenStack Nova live snapshots use an insecure local directory Low
CVE-2013-7048 was published for nova (pip) May 14, 2022
OpenStack Oslo utility sensitive information exposure via log files Low
CVE-2014-7231 was published for oslo.utils (pip) May 14, 2022
httplib2 incorrectly checks SSL certificate Low
CVE-2013-2037 was published for httplib2 (pip) May 14, 2022
Improper Link Resolution Before File Access in Suds Low
CVE-2013-2217 was published for suds (pip) May 14, 2022
MySQL Connectors Privilege Escalation Low
CVE-2017-3590 was published for mysql-connector-python (pip) May 13, 2022
OpenStack Horizon Cross-site scripting (XSS) vulnerability Low
CVE-2014-3474 was published for horizon (pip) May 13, 2022
Improper Link Resolution Before File Access in pip Low
CVE-2013-1888 was published for pip (pip) May 13, 2022
pip lack of randomness in build directory Low
CVE-2014-8991 was published for pip (pip) May 13, 2022
MoinMoin Cross-site Scripting (XSS) vulnerability Low
CVE-2010-0828 was published for moin (pip) May 2, 2022