GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
4,643 advisories
Filter by severity
SaltStack Salt Denial of Service via a crafted authentication request
High
CVE-2017-14696
was published
for
salt
(pip)
May 17, 2022
Improper Input Validation in pyftpdlib
High
CVE-2007-6739
was published
for
pyftpdlib
(pip)
May 1, 2022
Policies not properly enforced in bluemonday
High
CVE-2021-42576
was published
for
github.com/microcosm-cc/bluemonday
(Go)
Oct 19, 2021
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on...
High
Unreviewed
CVE-2016-5284
was published
May 14, 2022
The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and...
High
Unreviewed
CVE-2016-5272
was published
May 14, 2022
Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a...
High
Unreviewed
CVE-2023-28738
was published
Jan 19, 2024
privacyIDEA Improper Input Validation vulnerability
High
CVE-2018-1000809
was published
for
privacyIDEA
(pip)
Jan 14, 2019
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server...
High
Unreviewed
CVE-2010-1896
was published
May 14, 2022
DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,...
High
Unreviewed
CVE-2011-0657
was published
May 13, 2022
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003...
High
Unreviewed
CVE-2012-0157
was published
May 4, 2022
mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input...
High
Unreviewed
CVE-2024-3152
was published
Jun 6, 2024
Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability...
High
Unreviewed
CVE-2022-36392
was published
Aug 11, 2023
Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.
High
Unreviewed
CVE-2024-6333
was published
Oct 17, 2024
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
High
Unreviewed
CVE-2024-9348
was published
Oct 16, 2024
Account users in Apache CloudStack by default are allowed to upload and register templates for...
High
Unreviewed
CVE-2024-45219
was published
Oct 16, 2024
Improper Input Validation in python-dbusmock
High
CVE-2015-1326
was published
for
python-dbusmock
(pip)
Apr 23, 2019
An unauthenticated local attacker can gain admin privileges by deploying a config file due to...
High
Unreviewed
CVE-2024-45271
was published
Oct 15, 2024
CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory...
High
Unreviewed
CVE-2024-6207
was published
Oct 14, 2024
pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository
High
CVE-2013-1630
was published
for
pyshop
(pip)
May 17, 2022
Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to...
High
Unreviewed
CVE-2023-30691
was published
Aug 10, 2023
Pipenv's requirements.txt parsing allows malicious index url in comments
High
CVE-2022-21668
was published
for
pipenv
(pip)
Jan 12, 2022
ProTip!
Advisories are also available from the
GraphQL API