GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,620 advisories

SaltStack Salt Directory Traversal vulnerability in salt-api Moderate
CVE-2018-15750 was published for salt (pip) May 13, 2022
OpenEXR invalid read Moderate
CVE-2017-9112 was published for OpenEXR (pip) May 13, 2022
Ceilometer Prints Sensitive Configuration Data to Log Moderate
CVE-2019-3830 was published for ceilometer (pip) May 13, 2022
Improper Neutralization of Input During Web Page Generation in LXML Moderate
CVE-2018-19787 was published for lxml (pip) May 13, 2022
Horizon-Orchestration Cross-site scripting (XSS) vulnerability through resource name Moderate
CVE-2014-3473 was published for horizon (pip) May 13, 2022
Improper Link Resolution Before File Access in pip Moderate
CVE-2013-1888 was published for pip (pip) May 13, 2022
pip lack of randomness in build directory Moderate
CVE-2014-8991 was published for pip (pip) May 13, 2022
Python Requests Session Fixation Moderate
CVE-2015-2296 was published for requests (pip) May 13, 2022
Improper Neutralization of CRLF Sequences in urllib3 library for Python Moderate
CVE-2019-11236 was published for urllib3 (pip) May 13, 2022
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability Moderate
CVE-2016-4428 was published for horizon (pip) May 13, 2022
instack-undercloud vulnerable to symlink attack on tmp files Moderate
CVE-2017-7549 was published for instack-undercloud (pip) May 13, 2022
OpenStack Neutron Race Condition vulnerability Moderate
CVE-2017-7543 was published for neutron (pip) May 13, 2022
Openstack Manila Persistent XSS in Metadata field Moderate
CVE-2016-6519 was published for manila-ui (pip) May 13, 2022
Django Data leakage via admin history log Moderate
CVE-2013-0305 was published for Django (pip) May 5, 2022
Django is vulnerable to Denial of Service attack in formset Moderate
CVE-2013-0306 was published for Django (pip) May 5, 2022
OpenStack Keystone allows context-dependent attackers to bypass access restrictions Moderate
CVE-2013-0282 was published for Keystone (pip) May 5, 2022
OpenStack Keystone Denial of Service vulnerability via a large HTTP request Moderate
CVE-2013-0270 was published for keystone (pip) May 5, 2022
OpenStack Glance logs user name and password in cleartext Moderate
CVE-2013-0212 was published for glance (pip) May 5, 2022
Deserialization of Untrusted Data in Beaker Moderate
CVE-2013-7489 was published for Beaker (pip) May 5, 2022
Plone Zope cross-site scripting (XSS) vulnerability Moderate
CVE-2013-7062 was published for plone (pip) May 5, 2022
pyrad uses sequential packet IDs Moderate
CVE-2013-0342 was published for pyrad (pip) May 5, 2022
OpenStack Keystone and other components vulnerable to Improper Certificate Validation Moderate
CVE-2013-2255 was published for cinder (pip) May 5, 2022
Path Traversal in scout-browser Moderate
CVE-2022-1554 was published for scout-browser (pip) May 4, 2022
tkvideo has a memory issue in playing videos Moderate
CVE-2022-24902 was published for tkvideoplayer (pip) May 3, 2022
Zope DocumentTemplate package allows unauthenticated write Moderate
CVE-2000-0483 was published for zope (pip) May 3, 2022