GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,511 advisories

asyncua Improper Authentication vulnerability High
CVE-2023-26150 was published for asyncua (pip) Oct 3, 2023
asyncua vulnerable to denial of service via infinite loop High
CVE-2023-26151 was published for asyncua (pip) Oct 3, 2023
opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics High
CVE-2023-43810 was published for opentelemetry-instrumentation (pip) Oct 2, 2023
programmer04
`Cookie` HTTP header isn't stripped on cross-origin redirects High
CVE-2023-43804 was published for urllib3 (pip) Oct 2, 2023
ranjit-git pquentin
illia-v sethmlarson
Rdiffweb Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2023-5289 was published for rdiffweb (pip) Sep 29, 2023
pretix allows Pillow to parse EPS files High
CVE-2023-44464 was published for pretix (pip) Sep 29, 2023
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q` High
CVE-2023-40581 was published for yt-dlp (pip) Sep 25, 2023
Grub4K
OpenStack Heat information leak vulnerability High
CVE-2023-1625 was published for openstack-heat (pip) Sep 24, 2023
Withdrawn Advisory: Mobile Security Framework (MobSF) Vulnerable to Insecure Permissions High
CVE-2023-42261 was published for mobsf (pip) Sep 22, 2023 withdrawn
Vyper vulnerable to memory corruption in certain builtins utilizing `msize` High
CVE-2023-42443 was published for vyper (pip) Sep 20, 2023
trocher
GeoNode vulnerable to SSRF Bypass to return internal host data High
CVE-2023-42439 was published for GeoNode (pip) Sep 20, 2023
ImThatT
Apache HDFS Provider error message suggested High
CVE-2023-41267 was published for apache-airflow-providers-apache-hdfs (pip) Sep 14, 2023
oscerd
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms) High
CVE-2023-4785 was published for grpc (RubyGems) Sep 13, 2023
hahwul
Apache Airflow information exposure vulnerability High
CVE-2023-40712 was published for apache-airflow (pip) Sep 12, 2023
libwebp: OOB write in BuildHuffmanTable High
CVE-2023-4863 was published for Pillow (Go) Sep 12, 2023
delroth Nachtalb
pshelton-skype
Remote Code Execution in Custom Integration Upload High
CVE-2023-41319 was published for ethyca-fides (pip) Sep 7, 2023
grmpyninja
Keylime registrar and (untrusted) Agent can be bypassed by an attacker High
CVE-2023-38201 was published for keylime (pip) Sep 6, 2023
Sandbox escape via various forms of "format". High
CVE-2023-41039 was published for RestrictedPython (pip) Aug 30, 2023
ankush abhishekg999
d-maurer icemac Quasar0147
GitPython untrusted search path on Windows systems leading to arbitrary code execution High
CVE-2023-40590 was published for gitpython (pip) Aug 29, 2023
stsewd MicaelJarniac
Airflow Sqoop Provider RCE Vulnerability High
CVE-2023-27604 was published for apache-airflow-providers-apache-sqoop (pip) Aug 28, 2023
Apache Airflow vulnerable arbitrary code execution via Spark server High
CVE-2023-40195 was published for apache-airflow-providers-apache-spark (pip) Aug 28, 2023
Apache Airflow Session Fixation vulnerability High
CVE-2023-40273 was published for apache-airflow (pip) Aug 23, 2023
Apache Airflow denial of service vulnerability High
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
json2xml Uncaught Exception vulnerability High
CVE-2022-25024 was published for json2xml (pip) Aug 23, 2023
pandasai vulnerable to prompt injection High
CVE-2023-39660 was published for pandasai (pip) Aug 21, 2023