Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

399 advisories

Loading
SaltStack Salt Denial of Service via a crafted authentication request High
CVE-2017-14696 was published for salt (pip) May 17, 2022
Improper Input Validation in pyftpdlib High
CVE-2007-6739 was published for pyftpdlib (pip) May 1, 2022
Policies not properly enforced in bluemonday High
CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) Oct 19, 2021
privacyIDEA Improper Input Validation vulnerability High
CVE-2018-1000809 was published for privacyIDEA (pip) Jan 14, 2019
Plone Header Injection High
CVE-2015-7318 was published for Plone (pip) May 17, 2022
Plone is vulnerable to email spoofing High
CVE-2013-4192 was published for plone (pip) May 17, 2022
Improper Input Validation in python-dbusmock High
CVE-2015-1326 was published for python-dbusmock (pip) Apr 23, 2019
pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository High
CVE-2013-1630 was published for pyshop (pip) May 17, 2022
Improper Input Validation in pip High
CVE-2021-3572 was published for pip (pip) Nov 15, 2021
Pipenv's requirements.txt parsing allows malicious index url in comments High
CVE-2022-21668 was published for pipenv (pip) Jan 12, 2022
milo-minderbinder
Plone Denial of Service vulnerability High
CVE-2011-4462 was published for Plone (pip) Jul 23, 2018
Livewire Remote Code Execution on File Uploads High
CVE-2024-47823 was published for livewire/livewire (Composer) Oct 8, 2024
angelej RChutchev
Improper Input Validation in pip High
CVE-2013-1629 was published for pip (pip) May 13, 2022
Pillow denial of service via PNG bomb High
CVE-2014-9601 was published for pillow (pip) May 14, 2022
Pillow denial of service via Crafted Block Size High
CVE-2014-3589 was published for pillow (pip) May 14, 2022
Arbitrary file write in NumPy High
CVE-2014-1858 was published for numpy (pip) May 14, 2022
jhutchings1
Filename spoofing in archive High
CVE-2023-39137 was published for archive (Pub) Aug 31, 2023
kj415j45
MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form High
CVE-2023-34457 was published for MechanicalSoup (pip) Jul 5, 2023
e-c-d
Denial of service attack due to invalid JSON High
CVE-2020-26890 was published for matrix-synapse (pip) Nov 24, 2020
dkasak
OpensStack Neutron Denial of Service Vulnerability High
CVE-2018-14635 was published for neutron (pip) May 13, 2022
Mercurial Improper Input Validation vulnerability High
CVE-2018-13346 was published for mercurial (pip) May 13, 2022
Mercurial Improper Input Validation vulnerability High
CVE-2018-13348 was published for mercurial (pip) May 13, 2022
Mercurial vulnerable to arbitrary code execution via a crafted name when converting a Git repository High
CVE-2016-3069 was published for mercurial (pip) May 14, 2022
Mercurial arbitrary code execution via a crafted git ext:: URL High
CVE-2016-3068 was published for mercurial (pip) May 14, 2022
Improper Input Validation in kdcproxy High
CVE-2015-5159 was published for kdcproxy (pip) Nov 1, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database