GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,620 advisories
Exposure of Sensitive Information to an Unauthorized Actor in Requests. Severity: Moderate. CVE-2014-1829 was published for requests (pip) on May 17, 2022.
Eugene Pankov Ajenti Cross-site scripting Vulnerabilities. Severity: Moderate. CVE-2014-4301 was published for ajenti (pip) on May 17, 2022.
Tryton allows users to read the hashed password. Severity: Moderate. CVE-2016-1241 was published for trytond (pip) on May 17, 2022.
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces. Severity: Moderate. CVE-2013-4347 was published for oauth2 (pip) on May 17, 2022.
PyWBEM TOCTOU vulnerability in certificate validation. Severity: Moderate. CVE-2013-6444 was published for pywbem (pip) on May 17, 2022.
OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service. Severity: Moderate. CVE-2015-5286 was published for glance (pip) on May 17, 2022.
OpenStack Image Service (Glance) vulnerable to Improper Access Control. Severity: Moderate. CVE-2016-0757 was published for glance (pip) on May 17, 2022.
OpenStack Identity Keystone Improper Access Control. Severity: Moderate. CVE-2016-4911 was published for keystone (pip) on May 17, 2022.
jwcrypto lacks the Random Filling protection mechanism. Severity: Moderate. CVE-2016-6298 was published for jwcrypto (pip) on May 17, 2022.
Django Cross-site Scripting Vulnerability. Severity: Moderate. CVE-2015-2241 was published for django (pip) on May 17, 2022.
Django allows user sessions hijacking via an empty string in the session key. Severity: Moderate. CVE-2015-3982 was published for Django (pip) on May 17, 2022.
Radicale regex metacharacters injection in the user name. Severity: Moderate. CVE-2015-8748 was published for Radicale (pip) on May 17, 2022.
OpenStack Glance Bypass the storage quota and Denial of service. Severity: Moderate. CVE-2014-9623 was published for glance (pip) on May 17, 2022.
Ipsilon denial of service by deleting a SAML2 Service Provider (SP). Severity: Moderate. CVE-2015-5301 was published for ipsilon (pip) on May 17, 2022.
Django settings leak in date template filter. Severity: Moderate. CVE-2015-8213 was published for Django (pip) on May 17, 2022.
Django WSGI Header Spoofing Vulnerability. Severity: Moderate. CVE-2015-0219 was published for Django (pip) on May 17, 2022.
Django Cross-site Scripting Vulnerability. Severity: Moderate. CVE-2015-0220 was published for Django (pip) on May 17, 2022.
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability. Severity: Moderate. CVE-2015-3219 was published for horizon (pip) on May 17, 2022.
Denial-of-service possibility in logout() view by filling session store. Severity: Moderate. CVE-2015-5964 was published for Django (pip) on May 17, 2022.
OpenStack Cinder file disclosure in image convert. Severity: Moderate. CVE-2015-1851 was published for cinder (pip) on May 17, 2022.
OpenStack Neutron allows remote authenticated users to cause a denial of service. Severity: Moderate. CVE-2014-3555 was published for neutron (pip) on May 17, 2022 (withdrawn).
OpenStack Glance improper validation of the image_size_cap configuration option. Severity: Moderate. CVE-2014-5356 was published for glance (pip) on May 17, 2022.
Web2py Reflected XSS vulnerability. Severity: Moderate. CVE-2016-4807 was published for web2py (pip) on May 17, 2022.
Urllib3 Incorrect Certificate Validation. Severity: Moderate. CVE-2016-9015 was published for urllib3 (pip) on May 17, 2022.
Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter. Severity: Moderate. CVE-2016-1242 was published for trytond (pip) on May 17, 2022.
ProTip! Advisories are also available from the GraphQL API.