GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
285 advisories
MySQL Connectors Privilege Escalation
Low • CVE-2017-3590 was published for mysql-connector-python (pip) • May 13, 2022

OpenStack Horizon Cross-site scripting (XSS) vulnerability
Low • CVE-2014-3474 was published for horizon (pip) • May 13, 2022

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface
Low • CVE-2014-3594 was published for horizon (pip) • May 13, 2022

pip lack of randomness in build directory
Low • CVE-2014-8991 was published for pip (pip) • May 13, 2022

Improper Link Resolution Before File Access in pip
Low • CVE-2013-1888 was published for pip (pip) • May 13, 2022

MoinMoin Cross-site Scripting (XSS) vulnerability
Low • CVE-2010-0828 was published for moin (pip) • May 2, 2022

Django vulnerable to Denial of Service via i18n middleware component
Low • CVE-2007-5712 was published for Django (pip) • May 1, 2022

Openstack nova qcow format could expose host filesystem information
Low • CVE-2011-3147 was published for nova (pip) • Apr 22, 2022

SaltStack Salt Improper Authentication via Man in the Middle Attack
Low • CVE-2022-22935 was published for salt (pip) • Mar 30, 2022

Exposure of Sensitive information in httpie
Low • CVE-2022-0430 was published for httpie (pip) • Mar 16, 2022

Forwarding of confidentials headers to third parties in fluture-node
Low • CVE-2022-24719 was published for fluture-node (npm) • Mar 1, 2022

Arbitrary file deletion in NeMo ASR webapp
Low • GHSA-rpx7-33j2-xx9x was published for nemo_toolkit (pip) • Feb 15, 2022

Incorrect Permission Assignment for Critical Resource in Ansible
Low • CVE-2020-1736 was published for ansible (pip) • Feb 9, 2022

Withdrawn: Code Injection in loguru
Low • CVE-2022-0329 was published for loguru (pip) • Jan 28, 2022 • withdrawn

Comment reply notifications sent to incorrect users
Low • CVE-2022-21683 was published for wagtail (pip) • Jan 21, 2022

Incorrect Permission Assignment for Critical Resource in OnionShare
Low • CVE-2022-21694 was published for onionshare-cli (pip) • Jan 21, 2022

Open Redirect in Flask-Security-Too
Low • GHSA-gxjj-f44v-qm94 was published for Flask-Security-Too (pip) • Dec 14, 2021 • withdrawn

incomplete JupyterHub logout with simultaneous JupyterLab sessions
Low • CVE-2021-41247 was published for jupyterhub (pip) • Nov 8, 2021

Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Low • CVE-2021-39163 was published for matrix-synapse (pip) • Sep 1, 2021

Improper authorisation of members discloses room membership to non-members
Low • CVE-2021-39164 was published for matrix-synapse (pip) • Sep 1, 2021

Segfault in `tf.raw_ops.SparseCountSparseOutput`
Low • CVE-2021-29619 was published for tensorflow (pip) • May 21, 2021

Crash in `tf.transpose` with complex inputs
Low • CVE-2021-29618 was published for tensorflow (pip) • May 21, 2021

Crash in `tf.strings.substr` due to `CHECK`-fail
Low • CVE-2021-29617 was published for tensorflow (pip) • May 21, 2021
ProTip! Advisories are also available from the GraphQL API