GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,980
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,110
Pub
10
RubyGems
837
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
High severity vulnerability that affects python-gnupg
High
CVE-2013-7323
was published
for
python-gnupg
(pip)
Nov 6, 2018
High severity vulnerability that affects python-gnupg
High
CVE-2014-1927
was published
for
python-gnupg
(pip)
Nov 6, 2018
Python Twisted trustRoot is not respected in HTTP client
High
CVE-2014-7143
was published
for
twisted
(pip)
Dec 17, 2019
MoinMoin Improper Access Control vulnerability
High
CVE-2009-4762
was published
for
moin
(pip)
May 2, 2022
MoinMoin improper sanitizes user profiles
High
CVE-2010-0669
was published
for
moin
(pip)
May 2, 2022
MoinMoin has improper default configuration
High
CVE-2010-0717
was published
for
moin
(pip)
May 2, 2022
Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command
High
CVE-2014-9462
was published
for
mercurial
(pip)
May 14, 2022
Salt vulnerable to Improper Certificate Validation
High
CVE-2015-4017
was published
for
salt
(pip)
May 14, 2022
Tryton vulnerable to arbitrary command execution
High
CVE-2014-6633
was published
for
tryton
(pip)
May 14, 2022
SaltStack Salt Insecure Temporary File Creation
High
CVE-2014-3563
was published
for
salt
(pip)
May 17, 2022
OpenStack Nova Live migration can leak root disk into ephemeral storage
High
CVE-2013-7130
was published
for
nova
(pip)
May 17, 2022
OpenStack Identity (Keystone) DoS through V3 API authentication chaining
High
CVE-2014-2828
was published
for
keystone
(pip)
May 17, 2022
Dulwich Arbitrary code execution via commit with directory path starting with .git
High
CVE-2014-9706
was published
for
dulwich
(pip)
May 17, 2022
Ansible unsafe evaluation of some strings
High
CVE-2014-2686
was published
for
ansible
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API