GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

523 advisories

Tenant and Verifier might not use the same registrar data Critical
CVE-2022-1053 was published for keylime (pip) May 5, 2022
Credited to THS-on
jsonpickle unsafe deserialization Critical
CVE-2020-22083 was published for jsonpickle (pip) May 24, 2022
Credited to rtfpessoa
modulemd uses an unsafe function for processing externally provided data Critical
CVE-2017-1002157 was published for modulemd (pip) Jan 17, 2019
Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command Critical
CVE-2014-9462 was published for mercurial (pip) May 14, 2022
Unsafe deserialization in MLAlchemy Critical
CVE-2017-16615 was published for MLAlchemy (pip) Jul 13, 2018
Injection vulnerability that affects ironic-discoverd Critical
CVE-2015-5306 was published for ironic-inspector (pip) Jul 5, 2019
joblib vulnerable to arbitrary code execution Critical
CVE-2022-21797 was published for joblib (pip) Sep 27, 2022
Credited to dawookie
Path traversal in impacket Critical
CVE-2021-31800 was published for impacket (pip) Jun 18, 2021
Improper Input Validation in httpx Critical
CVE-2021-41945 was published for httpx (pip) Apr 29, 2022
Credited to lebr0nli, Bibo-Joshi, AngellusMortis, marcoaaguiar, and br3ndonland
ipycache is vulnerable to Code Injection Critical
CVE-2019-7539 was published for ipycache (pip) Mar 25, 2019
Improper Input Validation in Jupyter Notebook Critical
CVE-2015-7337 was published for ipython (pip) May 17, 2022
graphite-web is vulnerable to Remote Code Execution Critical
CVE-2013-5942 was published for graphite-web (pip) May 17, 2022
graphite-web is vulnerable to Remote Code Execution via renderLocalView function Critical
CVE-2013-5093 was published for graphite-web (pip) May 17, 2022
Command injection in Gerapy Critical
CVE-2020-7698 was published for gerapy (pip) May 6, 2021
Ganga allows absolute path traversal Critical
CVE-2022-31507 was published for ganga (pip) Jul 13, 2022
git-big-picture Code Execution Critical
CVE-2021-3028 was published for git-big-picture (pip) May 24, 2022
Gerapy may cause remote code execution Critical
CVE-2021-43857 was published for gerapy (pip) Jan 6, 2022
Dulwich Buffer Overflow when handling pack files Critical
CVE-2015-0838 was published for dulwich (pip) May 17, 2022
Dulwich Arbitrary code execution via commit with directory path starting with .git Critical
CVE-2014-9706 was published for dulwich (pip) May 17, 2022
GitHub personal access token leaking into temporary EasyBuild (debug) logs Critical
CVE-2020-5262 was published for easybuild-framework (pip) Mar 19, 2020
Credited to zao and boegel
Eve allows execution of arbitrary code Critical
CVE-2018-8097 was published for eve (pip) Jul 12, 2018
Django Rest Framework jwt allows obtaining new token from notionally invalidated token Critical
CVE-2020-10594 was published for drf-jwt (pip) Jun 5, 2020
ReviewBoard and Djblets library are vulnerable to code execution Critical
CVE-2013-4409 was published for ReviewBoard (pip) May 5, 2022
Improper Verification of Cryptographic Signature in Pure-Python ECDSA Critical
CVE-2019-14859 was published for ecdsa (pip) Apr 1, 2020
Dulwich RCE Vulnerability Critical
CVE-2017-16228 was published for dulwich (pip) May 13, 2022