Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

285 advisories

Loading
MySQL Connectors Privilege Escalation Low
CVE-2017-3590 was published for mysql-connector-python (pip) May 13, 2022
OpenStack Horizon Cross-site scripting (XSS) vulnerability Low
CVE-2014-3474 was published for horizon (pip) May 13, 2022
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface Low
CVE-2014-3594 was published for horizon (pip) May 13, 2022
pip lack of randomness in build directory Low
CVE-2014-8991 was published for pip (pip) May 13, 2022
Improper Link Resolution Before File Access in pip Low
CVE-2013-1888 was published for pip (pip) May 13, 2022
MoinMoin Cross-site Scripting (XSS) vulnerability Low
CVE-2010-0828 was published for moin (pip) May 2, 2022
Django vulnerable to Denial of Service via i18n middleware component Low
CVE-2007-5712 was published for Django (pip) May 1, 2022
MarkLee131
Openstack nova qcow format could expose host filesystem information Low
CVE-2011-3147 was published for nova (pip) Apr 22, 2022
SaltStack Salt Improper Authentication via Man in the Middle Attack Low
CVE-2022-22935 was published for salt (pip) Mar 30, 2022
Exposure of Sensitive information in httpie Low
CVE-2022-0430 was published for httpie (pip) Mar 16, 2022
Infinite loop in Pillow Low
GHSA-4fx9-vc88-q2xc was published for Pillow (pip) Mar 11, 2022
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
Arbitrary file deletion in NeMo ASR webapp Low
GHSA-rpx7-33j2-xx9x was published for nemo_toolkit (pip) Feb 15, 2022
haby0
Incorrect Permission Assignment for Critical Resource in Ansible Low
CVE-2020-1736 was published for ansible (pip) Feb 9, 2022
Withdrawn: Code Injection in loguru Low
CVE-2022-0329 was published for loguru (pip) Jan 28, 2022 withdrawn
Comment reply notifications sent to incorrect users Low
CVE-2022-21683 was published for wagtail (pip) Jan 21, 2022
dest81
Incorrect Permission Assignment for Critical Resource in OnionShare Low
CVE-2022-21694 was published for onionshare-cli (pip) Jan 21, 2022
Open Redirect in Flask-Security-Too Low
GHSA-gxjj-f44v-qm94 was published for Flask-Security-Too (pip) Dec 14, 2021 withdrawn
incomplete JupyterHub logout with simultaneous JupyterLab sessions Low
CVE-2021-41247 was published for jupyterhub (pip) Nov 8, 2021
fritterhoff
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner. Low
CVE-2021-39163 was published for matrix-synapse (pip) Sep 1, 2021
0xkasper
Improper authorisation of members discloses room membership to non-members Low
CVE-2021-39164 was published for matrix-synapse (pip) Sep 1, 2021
0xkasper
Temporary urls leaked via logging Low
CVE-2017-8761 was published for swift (pip) Jun 8, 2021
Segfault in `tf.raw_ops.SparseCountSparseOutput` Low
CVE-2021-29619 was published for tensorflow (pip) May 21, 2021
Crash in `tf.transpose` with complex inputs Low
CVE-2021-29618 was published for tensorflow (pip) May 21, 2021
Crash in `tf.strings.substr` due to `CHECK`-fail Low
CVE-2021-29617 was published for tensorflow (pip) May 21, 2021
ProTip! Advisories are also available from the GraphQL API