GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,134
Erlang: 29
GitHub Actions: 19
Go: 1,941
Maven: 5,000+
npm: 3,678
NuGet: 645
pip: 3,297
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
3,054 advisories

salt password information leaked in debug logs
Critical | CVE-2015-6941 was published for salt (pip) | May 17, 2022

Samly access control vulnerability
Critical | CVE-2024-25718 was published for Samly (Erlang) | Feb 11, 2024

Salt allows deleted minions to read or write to minions with the same id
Critical | CVE-2016-9639 was published for salt (pip) | May 17, 2022

SaltStack Salt Directory traversal vulnerability in minion id validation
Critical | CVE-2017-12791 was published for salt (pip) | May 17, 2022

SaltStack Salt Directory traversal vulnerability in minion id validation
Critical | CVE-2017-14695 was published for salt (pip) | May 17, 2022

pysaml2 Improper Authentication vulnerability
Critical | CVE-2017-1000433 was published for pysaml2 (pip) | Jul 13, 2018

Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Critical | CVE-2024-22416 was published for pyload-ng (pip) | Jan 19, 2024

Poetry before v1.1.9 contains Untrusted Search Path
Critical | CVE-2022-26184 was published for poetry (pip) | Mar 23, 2022

pydash Command Injection vulnerability
Critical | CVE-2023-26145 was published for pydash (pip) | Sep 28, 2023

PyArrow: Arbitrary code execution when loading a malicious data file
Critical | CVE-2023-47248 was published for pyarrow (pip) | Nov 9, 2023

Unsafe pyyaml load usage in PyAnyAPI
Critical | CVE-2017-16616 was published for pyanyapi (pip) | May 13, 2022

Potential buffer overflow in psd-tools
Critical | CVE-2020-10571 was published for psd-tools (pip) | Mar 16, 2020

Apache StreamPark Path Traversal vulnerability
Critical | CVE-2022-45802 was published for org.apache.streampark:streampark-common_2.11 (Maven) | Jul 6, 2023

JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical | CVE-2024-21534 was published for jsonpath-plus (npm) | Oct 11, 2024

py7zr directory traversal vulnerability
Critical | CVE-2022-44900 was published for py7zr (pip) | Dec 6, 2022

pwntools Server-Side Template Injection (SSTI) vulnerability
Critical | CVE-2020-28468 was published for pwntools (pip) | Apr 20, 2021

Plone Unauthenticated Write Vulnerability
Critical | CVE-2020-7941 was published for Plone (pip) | May 24, 2022

Incorrect Permission Assignment for Critical Resource in Plone
Critical | CVE-2021-33509 was published for Plone (pip) | Jun 15, 2021

Apache Linkis Authentication Bypass vulnerability
Critical | CVE-2023-27987 was published for org.apache.linkis:linkis (Maven) | Jul 6, 2023

VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder
Critical | CVE-2024-9486 was published for github.com/kubernetes-sigs/image-builder (Go) | Oct 15, 2024

Deserialization of Untrusted Data in Groovy
Critical | CVE-2016-6814 was published for org.codehaus.groovy:groovy (Maven) | May 13, 2022

Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
Critical | CVE-2015-3253 was published for org.codehaus.groovy:groovy (Maven) | May 13, 2022

ProTip! Advisories are also available from the GraphQL API.