Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

501 advisories

Loading
Donfig Command Injection in collect_yaml method Critical
CVE-2019-7537 was published for donfig (pip) May 14, 2022
web2py is vulnerable to password brute-force attack Critical
CVE-2016-10321 was published for web2py (pip) May 14, 2022
web2py remote code execution via hardcoded encryption key in session.connect function Critical
CVE-2016-3953 was published for web2py (pip) May 14, 2022
Cobbler has Exposed Dangerous Method or Function Critical
CVE-2018-10931 was published for cobbler (pip) May 13, 2022
SiCKRAGE Discloses Plaintext Credentials Critical
CVE-2018-9160 was published for sickrage (pip) May 13, 2022
Cobbler Improper Validation of Security Tokens Critical
CVE-2018-1000226 was published for cobbler (pip) May 13, 2022
SaltStack Salt allows compromised salt-minions to impersonate the salt-master Critical
CVE-2017-7893 was published for salt (pip) May 13, 2022
Unsafe pyyaml load usage in PyAnyAPI Critical
CVE-2017-16616 was published for pyanyapi (pip) May 13, 2022
westonsteimel
Dulwich RCE Vulnerability Critical
CVE-2017-16228 was published for dulwich (pip) May 13, 2022
Mercurial is vulnerable to shell injection attack Critical
CVE-2017-1000116 was published for mercurial (pip) May 13, 2022
Mercurial vulnerable to arbitrary code injection Critical
CVE-2017-17458 was published for mercurial (pip) May 13, 2022
Mercurial Incorrect Access Control vulnerability Critical
CVE-2018-1000132 was published for mercurial (pip) May 13, 2022
Mercurial mishandles integer addition and subtraction Critical
CVE-2018-13347 was published for mercurial (pip) May 13, 2022
SaltStack Salt Remote command execution and incorrect access control when using salt-api Critical
CVE-2018-15751 was published for salt (pip) May 13, 2022
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10 Critical
CVE-2019-10844 was published for nnabla (pip) May 13, 2022
westonsteimel
Ansible Insertion of Sensitive Information into Log File vulnerability Critical
CVE-2017-7550 was published for ansible (pip) May 13, 2022
Code-execution backdoor in marcador Critical
CVE-2022-28470 was published for marcador (pip) May 9, 2022
Argument injection in python-libnmap Critical
CVE-2022-30284 was published for python-libnmap (pip) May 6, 2022
jefimm
Tenant and Verifier might not use the same registrar data Critical
CVE-2022-1053 was published for keylime (pip) May 5, 2022
THS-on
ReviewBoard and Djblets library are vulnerable to code execution Critical
CVE-2013-4409 was published for ReviewBoard (pip) May 5, 2022
Zope Object Database (ZODB) Arbitrary files reading and deletion Critical
CVE-2009-2701 was published for zodb3 (pip) May 2, 2022
Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers Critical
CVE-2009-0668 was published for ZODB3 (pip) May 2, 2022
Roundup xml-rpc server improper check of property permissions Critical
CVE-2008-1475 was published for roundup (pip) May 1, 2022
anonymous4ACL24
Plone Arbitrary Code Execution via Unsafe Handling of Pickles Critical
CVE-2007-5741 was published for plone (pip) May 1, 2022
Improper Input Validation in httpx Critical
CVE-2021-41945 was published for httpx (pip) Apr 29, 2022
lebr0nli Bibo-Joshi
AngellusMortis marcoaaguiar br3ndonland
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database