GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
8,978 advisories
Filter by severity
Exposure of Sensitive Information to an Unauthorized Actor in Requests
Moderate
CVE-2014-1830
was published
for
requests
(pip)
May 14, 2022
Roundup Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2012-6132
was published
for
roundup
(pip)
May 17, 2022
Roundup Cross-site scripting (XSS) vulnerability
Moderate
CVE-2012-6131
was published
for
roundup
(pip)
May 17, 2022
Python RSA allows attackers to spoof signatures
Moderate
CVE-2016-1494
was published
for
rsa
(pip)
May 14, 2022
Restkit Does Not Validate TLS certificates
Moderate
CVE-2015-2674
was published
for
restkit
(pip)
May 17, 2022
Salt improper handling of tmp files
Moderate
CVE-2015-1838
was published
for
salt
(pip)
May 17, 2022
Moderate severity vulnerability that affects roundup
Moderate
CVE-2019-10904
was published
for
roundup
(pip)
Apr 9, 2019
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Moderate
CVE-2024-47825
was published
for
github.com/cilium/cilium
(Go)
Oct 21, 2024
Absolute path traversal vulnerability in digdag server
Moderate
CVE-2024-25125
was published
for
io.digdag:digdag-server
(Maven)
Feb 14, 2024
SaltStack has insecure /tmp file handling in salt/modules/chef.py
Moderate
CVE-2015-1839
was published
for
salt
(pip)
May 17, 2022
Salt Insecure configuration of PAM external authentication service
Moderate
CVE-2016-3176
was published
for
salt
(pip)
May 17, 2022
Roundup Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2012-6130
was published
for
roundup
(pip)
May 17, 2022
salt leaks git usernames and passwords to the log
Moderate
CVE-2015-6918
was published
for
salt
(pip)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
Moderate
CVE-2018-1334
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Malicious package may avoid detection in python auditing
Moderate
CVE-2020-5252
was published
for
safety
(pip)
Mar 24, 2020
Python Requests Session Fixation
Moderate
CVE-2015-2296
was published
for
requests
(pip)
May 13, 2022
Directory Traversal in pyftpdlib
Moderate
CVE-2007-6736
was published
for
pyftpdlib
(pip)
May 1, 2022
Cross-site Scripting and Open Redirect in Products.ATContentTypes
Moderate
CVE-2022-23599
was published
for
Products.ATContentTypes
(pip)
Jan 28, 2022
pretix potential IP address spoofing vulnerability
Moderate
CVE-2023-44463
was published
for
pretix
(pip)
Oct 2, 2023
Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic
Moderate
CVE-2021-29510
was published
for
pydantic
(pip)
May 13, 2021
GNU Mailman Postorius Access Control Issues
Moderate
CVE-2021-40347
was published
for
postorius
(pip)
May 24, 2022
pretalx allows path traversal in HTML export
Moderate
CVE-2023-28458
was published
for
pretalx
(pip)
Apr 20, 2023
PyCrypto makes Use of Insufficiently Random Values
Moderate
CVE-2012-2417
was published
for
PyCrypto
(pip)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
Moderate
CVE-2021-21360
was published
for
Products.GenericSetup
(pip)
Mar 9, 2021
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
Moderate
CVE-2021-21337
was published
for
Products.PluggableAuthService
(pip)
Mar 8, 2021
ProTip!
Advisories are also available from the
GraphQL API