Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,394 advisories

Loading
libre-chat Path Traversal vulnerability Moderate
CVE-2024-52787 was published for libre-chat (pip) Nov 25, 2024
OpenStack Neutron can use an incorrect ID during policy enforcement Moderate
CVE-2024-53916 was published for neutron (pip) Nov 25, 2024
Path traveral in Streamlit on windows Moderate
CVE-2024-42474 was published for streamlit (pip) Aug 12, 2024
nvn1729
Mayan EDMS DMS XSS vulnerability Moderate
CVE-2022-47419 was published for mayan-edms (pip) Feb 8, 2023
OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token Moderate
CVE-2013-4294 was published for keystone (pip) May 17, 2022
OpenStack Keystone Improper Authentication vulnerability Moderate
CVE-2013-1865 was published for keystone (pip) May 17, 2022
OpenStack Glance sensitive information disclosure via logs Moderate
CVE-2014-1948 was published for glance (pip) May 17, 2022
OpenStack Identity Keystone Improper Access Control Moderate
CVE-2016-4911 was published for keystone (pip) May 17, 2022
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability Moderate
CVE-2015-3219 was published for horizon (pip) May 17, 2022
OpenStack Compute (Nova) Improper Access Control Moderate
CVE-2015-2687 was published for nova (pip) May 17, 2022
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user Moderate
CVE-2013-2059 was published for keystone (pip) May 17, 2022
Galaxy cross-site scripting (XSS) Moderate
CVE-2018-1000516 was published for galaxy-app (pip) May 14, 2022
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities Moderate
CVE-2008-3381 was published for moin (pip) May 1, 2022
Plone allows a user to masquerade as a group Moderate
CVE-2006-4249 was published for Plone (pip) May 1, 2022
Libextractor multiple heap-based buffer overflows Moderate
CVE-2006-2458 was published for extractor (pip) May 1, 2022
safeurl-python contains Server-Side Request Forgery Moderate
CVE-2023-24622 was published for safeurl-python (pip) Jan 27, 2023
whoissecure
ansible-runner vulnerable to Race Condition Moderate
CVE-2021-3702 was published for ansible-runner (pip) Aug 24, 2022
ansible-runner has default temporary files written to world R/W locations Moderate
CVE-2021-3701 was published for ansible-runner (pip) Aug 24, 2022
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots Moderate
CVE-2013-4183 was published for cinder (pip) May 17, 2022
Designate does not enforce the DNS protocol limit concerning record set sizes Moderate
CVE-2015-5694 was published for designate (pip) May 24, 2022
Apache IoTDB Session Fixation vulnerability Moderate
CVE-2022-38369 was published for apache-iotdb (Maven) Sep 6, 2022
Mage AI incorrectly gives privileges to users with deleted accounts Moderate
CVE-2024-45187 was published for mage-ai (pip) Aug 23, 2024
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
Twisted vulnerable to NameVirtualHost Host header injection Moderate
CVE-2022-39348 was published for twisted (pip) Oct 26, 2022
westonsteimel
Twisted CRLF Injection Moderate
CVE-2019-12387 was published for twisted (pip) Jun 10, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database