Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,978 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor in Requests Moderate
CVE-2014-1830 was published for requests (pip) May 14, 2022
Roundup Cross-site Scripting (XSS) vulnerability Moderate
CVE-2012-6132 was published for roundup (pip) May 17, 2022
Roundup Cross-site scripting (XSS) vulnerability Moderate
CVE-2012-6131 was published for roundup (pip) May 17, 2022
Python RSA allows attackers to spoof signatures Moderate
CVE-2016-1494 was published for rsa (pip) May 14, 2022
Restkit Does Not Validate TLS certificates Moderate
CVE-2015-2674 was published for restkit (pip) May 17, 2022
Salt improper handling of tmp files Moderate
CVE-2015-1838 was published for salt (pip) May 17, 2022
Moderate severity vulnerability that affects roundup Moderate
CVE-2019-10904 was published for roundup (pip) Apr 9, 2019
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present Moderate
CVE-2024-47825 was published for github.com/cilium/cilium (Go) Oct 21, 2024
Absolute path traversal vulnerability in digdag server Moderate
CVE-2024-25125 was published for io.digdag:digdag-server (Maven) Feb 14, 2024
p-
SaltStack has insecure /tmp file handling in salt/modules/chef.py Moderate
CVE-2015-1839 was published for salt (pip) May 17, 2022
Salt Insecure configuration of PAM external authentication service Moderate
CVE-2016-3176 was published for salt (pip) May 17, 2022
Roundup Cross-site Scripting (XSS) vulnerability Moderate
CVE-2012-6130 was published for roundup (pip) May 17, 2022
salt leaks git usernames and passwords to the log Moderate
CVE-2015-6918 was published for salt (pip) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark Moderate
CVE-2018-1334 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 14, 2019
Malicious package may avoid detection in python auditing Moderate
CVE-2020-5252 was published for safety (pip) Mar 24, 2020
akoumjian G-Rath
Python Requests Session Fixation Moderate
CVE-2015-2296 was published for requests (pip) May 13, 2022
sfblackl-intel
Directory Traversal in pyftpdlib Moderate
CVE-2007-6736 was published for pyftpdlib (pip) May 1, 2022
Cross-site Scripting and Open Redirect in Products.ATContentTypes Moderate
CVE-2022-23599 was published for Products.ATContentTypes (pip) Jan 28, 2022
pretix potential IP address spoofing vulnerability Moderate
CVE-2023-44463 was published for pretix (pip) Oct 2, 2023
Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic Moderate
CVE-2021-29510 was published for pydantic (pip) May 13, 2021
nina-j bluetech
GNU Mailman Postorius Access Control Issues Moderate
CVE-2021-40347 was published for postorius (pip) May 24, 2022
pretalx allows path traversal in HTML export Moderate
CVE-2023-28458 was published for pretalx (pip) Apr 20, 2023
PyCrypto makes Use of Insufficiently Random Values Moderate
CVE-2012-2417 was published for PyCrypto (pip) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup Moderate
CVE-2021-21360 was published for Products.GenericSetup (pip) Mar 9, 2021
chutchut
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService Moderate
CVE-2021-21337 was published for Products.PluggableAuthService (pip) Mar 8, 2021
jugmac00 xoffense
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database