GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
331 advisories
OpenStack Nova can leak consoleauth token into log files
Low, CVE-2015-9543 was published for Nova (pip), May 24, 2022

Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Low, CVE-2024-32882 was published for wagtail (pip), May 1, 2024

MySQL Connectors Privilege Escalation
Low, CVE-2017-3590 was published for mysql-connector-python (pip), May 13, 2022

Transformers Deserialization of Untrusted Data vulnerability
Low, CVE-2024-3568 was published for transformers (pip), Apr 10, 2024

OpenStack Identity Keystone Privilege Escalation vulnerability
Low, CVE-2013-4477 was published for keystone (pip), May 17, 2022

Unauthenticated views may expose information to anonymous users
Low, CVE-2024-29199 was published for nautobot (pip), Mar 26, 2024

Dynamic Variable Evaluation in qiskit-ibm-runtime
Low, GHSA-cq96-9974-v8hm was published for qiskit-ibm-runtime (pip), Mar 20, 2024

fgr Vulnerable to Insecure Default Variable Initialization
Low, GHSA-879p-8gw4-mcpw was published for fgr (pip), Mar 15, 2024

LangChain directory traversal vulnerability
Low, CVE-2024-28088 was published for langchain (pip), Mar 4, 2024

PyPop C extensions possible vulnerability: missing arguments and redundant null pointers
Low, GHSA-p4m5-32pr-2hqr was published for pypop-genomics (pip), Feb 26, 2024

tuf's Metadata API: Targets.get_delegated_role() is missing input validation
Low, GHSA-77hh-43cm-v8j6 was published for tuf (pip), Feb 16, 2024

commonground-api-common unexploitable privilege escalation in JWT authentication middleware
Low, GHSA-c4cm-r9fh-jgj9 was published for commonground-api-common (pip), Feb 9, 2024

vantage6 may create unencrypted tasks in encrypted collaboration
Low, CVE-2024-22193 was published for vantage6 (pip), Jan 30, 2024

vantage6 vulnerable to username timing attack
Low, CVE-2024-21671 was published for vantage6-server (pip), Jan 30, 2024

Minor fix to previous patch for CVE-2022-35918
Low, GHSA-8qw9-gf7w-42x5 was published for streamlit (pip), Jan 12, 2024

dbt-core's secret env vars written to package-lock.json in plaintext
Low, GHSA-j4g3-3q8x-jxqp was published for dbt-core (pip), Dec 8, 2023

OpenStack Heat template URL information leakage
Low, CVE-2014-3801 was published for openstack-heat (pip), May 14, 2022

kiwi TCMS has possibility for user to update email address to unverified one
Low, CVE-2023-30544 was published for kiwitcms (pip), Apr 24, 2023

Wagtail vulnerable to disclosure of user names via admin bulk action views
Low, CVE-2023-45809 was published for wagtail (pip), Oct 19, 2023

Fides JavaScript Injection Vulnerability in Privacy Center URL
Low, CVE-2023-46126 was published for ethyca-fides (pip), Oct 24, 2023

Fides Webserver Vulnerable to SVG Bomb File Uploads
Low, CVE-2023-37481 was published for ethyca-fides (pip), Jul 18, 2023

Zope management interface vulnerable to stored cross site scripting via the title property
Low, CVE-2023-44389 was published for Zope (pip), Oct 4, 2023

Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Low, CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven), Sep 8, 2023

Fides Webserver Vulnerable to Zip Bomb File Uploads
Low, CVE-2023-37480 was published for ethyca-fides (pip), Jul 18, 2023

ProTip! Advisories are also available from the GraphQL API