GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
406 advisories
salt password information leaked in debug logs
Critical | CVE-2015-6941 was published for salt (pip) | May 17, 2022

Salt allows deleted minions to read or write to minions with the same id
Critical | CVE-2016-9639 was published for salt (pip) | May 17, 2022

SaltStack Salt Directory traversal vulnerability in minion id validation
Critical | CVE-2017-12791 was published for salt (pip) | May 17, 2022

SaltStack Salt Directory traversal vulnerability in minion id validation
Critical | CVE-2017-14695 was published for salt (pip) | May 17, 2022

pysaml2 Improper Authentication vulnerability
Critical | CVE-2017-1000433 was published for pysaml2 (pip) | Jul 13, 2018

Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Critical | CVE-2024-22416 was published for pyload-ng (pip) | Jan 19, 2024

Poetry before v1.1.9 contains Untrusted Search Path
Critical | CVE-2022-26184 was published for poetry (pip) | Mar 23, 2022

pydash Command Injection vulnerability
Critical | CVE-2023-26145 was published for pydash (pip) | Sep 28, 2023

PyArrow: Arbitrary code execution when loading a malicious data file
Critical | CVE-2023-47248 was published for pyarrow (pip) | Nov 9, 2023

Unsafe pyyaml load usage in PyAnyAPI
Critical | CVE-2017-16616 was published for pyanyapi (pip) | May 13, 2022

Potential buffer overflow in psd-tools
Critical | CVE-2020-10571 was published for psd-tools (pip) | Mar 16, 2020

py7zr directory traversal vulnerability
Critical | CVE-2022-44900 was published for py7zr (pip) | Dec 6, 2022

pwntools Server-Side Template Injection (SSTI) vulnerability
Critical | CVE-2020-28468 was published for pwntools (pip) | Apr 20, 2021

Plone Unauthenticated Write Vulnerability
Critical | CVE-2020-7941 was published for Plone (pip) | May 24, 2022

Incorrect Permission Assignment for Critical Resource in Plone
Critical | CVE-2021-33509 was published for Plone (pip) | Jun 15, 2021

Improper Restriction of XML External Entity Reference in Quokka
Critical | CVE-2020-18705 was published for quokka (pip) | Aug 30, 2021

Improper Restriction of XML External Entity Reference in Quokka
Critical | CVE-2020-18703 was published for quokka (pip) | Aug 30, 2021

Radicale vulnerable to arbitrary file read or write
Critical | CVE-2015-8747 was published for Radicale (pip) | May 17, 2022

PyYAML insecurely deserializes YAML strings leading to arbitrary code execution
Critical | CVE-2017-18342 was published for pyyaml (pip) | Jan 4, 2019

python-jose failure to use a constant time comparison for HMAC keys
Critical | CVE-2016-7036 was published for python-jose (pip) | May 17, 2022

Remote code execution in pytorch lightning
Critical | CVE-2024-5452 was published for lightning (pip) | Jun 6, 2024

document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Critical | CVE-2024-37301 was published for document-merge-service (pip) | Jun 11, 2024
ProTip! Advisories are also available from the GraphQL API.