Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,701
Maven
5,000+
npm
4,328
NuGet
761
pip
4,103
Pub
12
RubyGems
958
Rust
1,064
Swift
45
Unreviewed advisories
All unreviewed
5,000+

332 advisories

Loading
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS` Low
CVE-2024-41124 was published for puncia (pip) Jul 19, 2024
SCH227 g147
Credited to SCH227 and g147
Ankitects Anki LaTeX Blocklist Bypass vulnerability Low
CVE-2024-32152 was published for anki (pip) Jul 22, 2024
Jayy001
Credited to Jayy001
freewvs's nested directory structure can interrupt scan Low
CVE-2020-15101 was published for freewvs (pip) Aug 30, 2024
freewvs vulnerable to denial of service through large files Low
CVE-2020-15100 was published for freewvs (pip) Aug 30, 2024
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability Low
CVE-2023-23611 was published for lti-consumer-xblock (pip) Aug 30, 2024
`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware) Low
CVE-2021-21330 was published for aiohttp (pip) Feb 26, 2021
jelmer g147
Credited to jelmer and g147
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication Low
CVE-2024-45052 was published for ethyca-fides (pip) Sep 4, 2024
RobertKeyser pattisdr
daveqnet
Credited to RobertKeyser, pattisdr, and daveqnet
Ansible uses a socket with predictable filename in /tmp Low
CVE-2013-4259 was published for Ansible (pip) May 14, 2022
Libcloud does not properly scrub data when destroying a DigitalOcean node Low
CVE-2013-6480 was published for apache-libcloud (pip) May 14, 2022
ceph-deploy uses world-readable permissions on client.admin key Low
CVE-2015-4053 was published for ceph-deploy (pip) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Ansible Low
CVE-2020-1739 was published for ansible (pip) Apr 7, 2021
Argument Injection in Ansible Low
CVE-2020-1738 was published for ansible (pip) Feb 9, 2022
Apache Airflow logs passwords in plaintext Low
CVE-2020-17511 was published for apache-airflow (pip) Dec 17, 2020
ceph-deploy allows local users to obtain sensitive information by reading the file Low
CVE-2015-3010 was published for ceph-deploy (pip) May 17, 2022
Cabot Cross Site Scripting (XSS) vulnerability via Endpoint column Low
CVE-2020-7734 was published for cabot (pip) May 24, 2022
Cloudtoken Insufficiently Protects Credentials Low
CVE-2018-13390 was published for cloudtoken (pip) May 13, 2022
changedetection.io API endpoint is not secured with API token Low
CVE-2024-23329 was published for changedetection.io (pip) Jan 23, 2024
rozpuszczalny
Credited to rozpuszczalny
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code Low
CVE-2024-22194 was published for case-utils (pip) Jan 11, 2024
ajnelson-nist kchason
Credited to ajnelson-nist and kchason
Potential sensitive information disclosed in error reports Low
CVE-2021-21416 was published for django-registration (pip) Apr 6, 2021
martinmo tdunlap607
Credited to martinmo and tdunlap607
Django User Enumeration Vulnerability Low
CVE-2016-2513 was published for django (pip) May 17, 2022
MarkLee131
Credited to MarkLee131
Open Redirect in Flask-Security-Too Low
CVE-2021-32618 was published for Flask-Security-Too (pip) May 17, 2021
tdunlap607
Credited to tdunlap607
Improper authorisation of members discloses room membership to non-members Low
CVE-2021-39164 was published for matrix-synapse (pip) Sep 1, 2021
0xkasper
Credited to 0xkasper
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner. Low
CVE-2021-39163 was published for matrix-synapse (pip) Sep 1, 2021
0xkasper
Credited to 0xkasper
IPython vulnerable to command injection via set_term_title Low
CVE-2023-24816 was published for ipython (pip) Feb 10, 2023
Open redirect in Jupyter Notebook Low
CVE-2020-26215 was published for notebook (pip) Nov 18, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database