GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,511 advisories

OpenStack Keystone allows information disclosure during account locking High
CVE-2021-38155 was published for keystone (pip) May 24, 2022
OpenStack Neutron has Insufficient Verification of IPv6 addresses High
CVE-2021-20267 was published for neutron (pip) May 24, 2022
OctoPrint Incorrect Access Control High
CVE-2021-32560 was published for octoprint (pip) May 24, 2022
Command Injection in SaltStack Salt High
CVE-2021-31607 was published for salt (pip) May 24, 2022
StackStorm st2 Infinite Loop Condition High
CVE-2021-28667 was published for st2client (pip) May 24, 2022 withdrawn
SaltStack Salt Unauthenticated Arbitrary Code Execution High
CVE-2021-25315 was published for salt (pip) May 24, 2022
SaltStack Salt Directory Traversal vulnerability High
CVE-2021-25282 was published for salt (pip) May 24, 2022
SaltStack Salt Improper SSL Certificate Validation High
CVE-2020-35662 was published for salt (pip) May 24, 2022
SaltStack Salt command injection via a crafted process name High
CVE-2020-28243 was published for salt (pip) May 24, 2022
SaltStack Salt Improper Certificate Validation High
CVE-2020-28972 was published for salt (pip) May 24, 2022
GramAddict bot uses dependency with reverse tcp backdoor High
CVE-2020-36245 was published for GramAddict (pip) May 24, 2022
ClusterLabs crmsh vulnerable to shell code injection High
CVE-2020-35459 was published for crmsh (pip) May 24, 2022
blosc2 heap-based buffer overflow High
CVE-2020-29367 was published for blosc2 (pip) May 24, 2022
scikit-learn Denial of Service High
CVE-2020-28975 was published for scikit-learn (pip) May 24, 2022
Duplicate Advisory: Unauthorized privilege escalation in Mod module High
GHSA-q886-75m2-vff8 was published for red-discordbot (pip) May 24, 2022 withdrawn
OpenStack Nova Live migration fails to update persistent domain XML High
CVE-2020-17376 was published for nova (pip) May 24, 2022
bsdiff4 out-of-bounds write via patch file High
CVE-2020-15904 was published for bsdiff4 (pip) May 24, 2022
rtslib-fb weak permissions for /etc/target/saveconfig.json file High
CVE-2020-14019 was published for rtslib-fb (pip) May 24, 2022
OpenStack Mistral DoS High
CVE-2018-16848 was published for mistral (pip) May 24, 2022
OpenStack Cinder Improper handling of ScaleIO backend credentials High
CVE-2020-10755 was published for cinder (pip) May 24, 2022
OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context High
CVE-2020-12689 was published for keystone (pip) May 24, 2022
SaltStack Salt is vulnerable to Arbitrary Directory Access High
CVE-2020-11652 was published for salt (pip) May 24, 2022
OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks High
CVE-2020-9543 was published for manila (pip) May 24, 2022
Plone Privilege Escalation High
CVE-2020-7938 was published for Plone (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API