Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,655
Maven
5,000+
npm
4,284
NuGet
760
pip
4,067
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

521 advisories

Loading
Bleach URI Scheme Restriction Bypass Critical
CVE-2018-7753 was published for bleach (pip) Jan 4, 2019
LDAP authentication bypass with empty password Critical
CVE-2020-26214 was published for alerta-server (pip) Nov 6, 2020
CasperGN
Credited to CasperGN
Ansible Insertion of Sensitive Information into Log File vulnerability Critical
CVE-2017-7550 was published for ansible (pip) May 13, 2022
aubio Buffer Overflow vulnerability Critical
CVE-2018-19800 was published for aubio (pip) Jul 26, 2019
AsyncSSH SSH Server Authentication Bypass Critical
CVE-2018-7749 was published for AsyncSSH (pip) May 14, 2022
Ansible Remote Code Execution Critical
CVE-2014-4657 was published for ansible (pip) May 17, 2022
Ansible Arbitrary Code Execution Critical
CVE-2014-4966 was published for ansible (pip) May 17, 2022
Ansible Arbitrary Code Execution Critical
CVE-2014-4967 was published for ansible (pip) May 17, 2022
Ansible Code Injection Vulnerability Critical
CVE-2014-4678 was published for ansible (pip) May 24, 2022
Insecure default config of Celery worker in Apache Airflow Critical
CVE-2020-11982 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Credited to sunSUNQ
Missing Authentication for Critical Function in Apache Airflow Critical
CVE-2021-38540 was published for apache-airflow (pip) May 24, 2022
Apache Airflow Session Fixation vulnerability Critical
CVE-2022-38054 was published for apache-airflow (pip) Sep 3, 2022
Command injection via Celery broker in Apache Airflow Critical
CVE-2020-11981 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Credited to sunSUNQ
Apache IoTDB Grafana Connector vulnerable to Improper Authentication Critical
CVE-2023-24831 was published for apache-iotdb (Maven) Apr 17, 2023
Apache Airflow vulnerable to XSS Critical
CVE-2017-17836 was published for apache-airflow (pip) Jan 25, 2019
Potential memory corruption in arrayfire Critical
CVE-2018-20998 was published for arrayfire (pip) Aug 25, 2021
westonsteimel
Credited to westonsteimel
Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer Critical
CVE-2020-17446 was published for asyncpg (pip) Apr 20, 2021
Arbitrary code execution in clickhouse-driver Critical
CVE-2020-26759 was published for clickhouse-driver (pip) Apr 7, 2021
xzkostyan
Credited to xzkostyan
Denial of service in bottle Critical
CVE-2022-31799 was published for bottle (pip) Jun 3, 2022
Improper Authentication in Buildbot Critical
CVE-2019-12300 was published for buildbot (pip) May 29, 2019
remote code execution via git repo provider Critical
CVE-2021-39159 was published for binderhub (pip) Aug 30, 2021
dreyercito rccern
Credited to dreyercito and rccern
Unsafe deserialization in confire Critical
CVE-2017-16763 was published for confire (pip) Jul 18, 2018
Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication Critical
CVE-2022-32563 was published for couchbase (pip) Jun 11, 2022
Remote code execution in dask Critical
CVE-2021-42343 was published for dask (pip) Oct 27, 2021
Diffoscope may write to arbitrary locations due to an untrusted archive Critical
CVE-2017-0359 was published for diffoscope (pip) Jul 13, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database