GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

501 advisories

Buffer Copy without Checking Size of Input in Pillow Critical
CVE-2020-5311 was published for pillow (pip) May 24, 2022
OpenStack Octavia Amphora-Agent not requiring Client-Certificate Critical
CVE-2019-17134 was published for octavia (pip) May 24, 2022
py-lmdb Invalid write operation Critical
CVE-2019-16225 was published for lmdb (pip) May 24, 2022
py-lmdb Invalid write operation Critical
CVE-2019-16224 was published for lmdb (pip) May 24, 2022
OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning Critical
CVE-2019-15753 was published for os-vif (pip) May 24, 2022
SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function Critical
CVE-2019-1010259 was published for salt (pip) May 24, 2022
LinOTP replay vulnerability with auto resynchronization enabled for TOTP token Critical
CVE-2019-12887 was published for LinOTP (pip) May 24, 2022
Openstack Magnum Unsafe Credential Handling Critical
CVE-2016-7404 was published for openstack-magnum (pip) May 24, 2022
Ansible Remote Code Execution Critical
CVE-2014-4657 was published for ansible (pip) May 17, 2022
Ansible Arbitrary Code Execution Critical
CVE-2014-4967 was published for ansible (pip) May 17, 2022
Ansible Arbitrary Code Execution Critical
CVE-2014-4966 was published for ansible (pip) May 17, 2022
JGit Improper Input Validation vulnerability Critical
CVE-2014-9390 was published for mercurial (Maven) May 17, 2022
PyWebDAV SQL Injection vulnerability Critical
CVE-2011-0432 was published for pywebdav (pip) May 17, 2022
Django Allows Redirect via Data URL Critical
CVE-2012-3442 was published for django (pip) May 17, 2022
graphite-web is vulnerable to Remote Code Execution via renderLocalView function Critical
CVE-2013-5093 was published for graphite-web (pip) May 17, 2022
graphite-web is vulnerable to Remote Code Execution Critical
CVE-2013-5942 was published for graphite-web (pip) May 17, 2022
Python Swift client is vulnerable to Missing SSL Certificate Check Critical
CVE-2013-6396 was published for python-swiftclient (pip) May 17, 2022
Pillow command injection Critical
CVE-2014-3007 was published for pillow (pip) May 17, 2022
Plone python code injection Critical
CVE-2012-5495 was published for plone (pip) May 17, 2022
Dulwich Buffer Overflow when handling pack files Critical
CVE-2015-0838 was published for dulwich (pip) May 17, 2022
Dulwich Arbitrary code execution via commit with directory path starting with .git Critical
CVE-2014-9706 was published for dulwich (pip) May 17, 2022
OpenStack Murano Code Execution Critical
CVE-2016-4972 was published for murano (pip) May 17, 2022
Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component Critical
CVE-2016-1505 was published for Radicale (pip) May 17, 2022
Radicale vulnerable to arbitrary file read or write Critical
CVE-2015-8747 was published for Radicale (pip) May 17, 2022
Improper Input Validation in Jupyter Notebook Critical
CVE-2015-7337 was published for ipython (pip) May 17, 2022