GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,511 advisories
ovirt-engine-sdk-python improper validation of hostname in x.509 certificate
High. CVE-2014-0161 was published for ovirt-engine-sdk-python (pip), May 17, 2022

MoinMoin Denial of Service vulnerability via password_checker function
High. CVE-2008-6549 was published for moin (pip), May 17, 2022

Zope Denial of Service (DoS) vulnerability in ZServer
High. CVE-2010-3198 was published for Zope (pip), May 17, 2022

Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib
High. CVE-2010-3494 was published for pyftpdlib (pip), May 17, 2022

Cobbler is vulnerable to code injection
High. CVE-2010-2235 was published for cobbler (pip), May 17, 2022

Apache Libcloud does not verify SSL certificates for HTTPS connections
High. CVE-2010-4340 was published for apache-libcloud (pip), May 17, 2022

Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable
High. CVE-2011-4030 was published for Plone (pip), May 17, 2022

Cobbler subject to Command Injection
High. CVE-2012-2395 was published for cobbler (pip), May 17, 2022

Elixir can leak information due to weak use of crypto
High. CVE-2012-2146 was published for Elixir (pip), May 17, 2022

Tornado CRLF injection vulnerability
High. CVE-2012-2374 was published for tornado (pip), May 17, 2022

OpenStack Keystone Allows Remote User Account Creation
High. CVE-2012-3542 was published for keystone (pip), May 17, 2022

Python Keyring does not securely initialize encryption cipher
High. CVE-2012-4571 was published for keyring (pip), May 17, 2022

Paste Script has improper group memberships permissions
High. CVE-2012-0878 was published for paste (pip), May 17, 2022

Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
High. CVE-2012-3444 was published for Django (pip), May 17, 2022

Django Image Field Vulnerable to Image Decompression Bombs
High. CVE-2012-3443 was published for Django (pip), May 17, 2022

Django Allows Arbitrary URL Generation
High. CVE-2012-4520 was published for django (pip), May 17, 2022

pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository
High. CVE-2013-1630 was published for pyshop (pip), May 17, 2022

Setuptools vulnerable to Man-in-the-middle attacks
High. CVE-2013-1633 was published for setuptools (pip), May 17, 2022

PyCrypto does not properly reseed PRNG before allowing access
High. CVE-2013-1445 was published for pycrypto (pip), May 17, 2022

SaltStack Privilege Escalation vulnerability
High. CVE-2013-6617 was published for salt (pip), May 17, 2022

Minion identity not validated in saltstack
High. CVE-2013-4439 was published for salt (pip), May 17, 2022

Salt has insufficient argument validation in several modules
High. CVE-2013-4435 was published for salt (pip), May 17, 2022
ProTip! Advisories are also available from the GraphQL API.