GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,511 advisories

Mercurial vulnerable to arbitrary code execution when converting Git repos High
CVE-2016-3105 was published for mercurial (pip) May 17, 2022
txAWS AWSServiceEndpoint defaults to not verifying server certificates High
CVE-2017-1000007 was published for txaws (pip) May 17, 2022
Trac vulnerable to denial of service High
CVE-2008-5646 was published for Trac (pip) May 17, 2022
FormEncode Access Restrictions Bypass High
CVE-2008-6547 was published for FormEncode (pip) May 17, 2022
MoinMoin Access Restrictions Bypassed due to improper ACL enforcement High
CVE-2008-6603 was published for moin (pip) May 17, 2022
Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability High
CVE-2008-6954 was published for cobbler (pip) May 17, 2022
django-cms CSRF Vulnerability High
CVE-2015-5081 was published for django-cms (pip) May 17, 2022
attic has improper verification of unencrypted backups High
CVE-2015-4082 was published for attic (pip) May 17, 2022
PyFriBidi Buffer overflow in the fribidi_utf8_to_unicode function High
CVE-2012-1176 was published for pyfribidi (pip) May 17, 2022
Arbitrary file overwrite in OpenStack Nova High
CVE-2012-3447 was published for nova (pip) May 17, 2022
OpenStack Keystone Insufficient token expiration High
CVE-2012-5563 was published for keystone (pip) May 17, 2022
Gentoo Portage does not verify X.509 certificates from SSL servers High
CVE-2013-2100 was published for portage (pip) May 17, 2022
OpenStack Nova Live migration can leak root disk into ephemeral storage High
CVE-2013-7130 was published for nova (pip) May 17, 2022
SaltStack Salt Insecure Temporary File Creation High
CVE-2014-3563 was published for salt (pip) May 17, 2022
Scrapy denial of service vulnerability High
CVE-2017-14158 was published for scrapy (pip) May 17, 2022
Designate mDNS DoS through incorrect handling of large RecordSets High
CVE-2015-5695 was published for designate (pip) May 17, 2022
Django Vulnerable to HTTP Response Splitting Attack High
CVE-2015-5144 was published for Django (pip) May 17, 2022
Django ReDoS in validators.URLValidator High
CVE-2015-5145 was published for Django (pip) May 17, 2022
Plone unauthorized member addition vulnerability High
CVE-2015-7315 was published for Plone (pip) May 17, 2022
Plone Header Injection High
CVE-2015-7318 was published for Plone (pip) May 17, 2022
IPython vulnerable to cross site request forgery (CSRF) High
CVE-2015-5607 was published for ipython (pip) May 17, 2022
Plone vulnerable to cross-site request forgery High
CVE-2015-7293 was published for Plone (pip) May 17, 2022
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api High
CVE-2017-5192 was published for salt (pip) May 17, 2022
SaltStack Salt Denial of Service via a crafted authentication request High
CVE-2017-14696 was published for salt (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API