GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
399 advisories
SaltStack Salt Denial of Service via a crafted authentication request
High | CVE-2017-14696 was published for salt (pip) | May 17, 2022

Improper Input Validation in pyftpdlib
High | CVE-2007-6739 was published for pyftpdlib (pip) | May 1, 2022

Policies not properly enforced in bluemonday
High | CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) | Oct 19, 2021

privacyIDEA Improper Input Validation vulnerability
High | CVE-2018-1000809 was published for privacyIDEA (pip) | Jan 14, 2019

Improper Input Validation in python-dbusmock
High | CVE-2015-1326 was published for python-dbusmock (pip) | Apr 23, 2019

pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository
High | CVE-2013-1630 was published for pyshop (pip) | May 17, 2022

Pipenv's requirements.txt parsing allows malicious index url in comments
High | CVE-2022-21668 was published for pipenv (pip) | Jan 12, 2022

Livewire Remote Code Execution on File Uploads
High | CVE-2024-47823 was published for livewire/livewire (Composer) | Oct 8, 2024

Pillow denial of service via PNG bomb
High | CVE-2014-9601 was published for pillow (pip) | May 14, 2022

Pillow denial of service via Crafted Block Size
High | CVE-2014-3589 was published for pillow (pip) | May 14, 2022

MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
High | CVE-2023-34457 was published for MechanicalSoup (pip) | Jul 5, 2023

Denial of service attack due to invalid JSON
High | CVE-2020-26890 was published for matrix-synapse (pip) | Nov 24, 2020

OpenStack Neutron Denial of Service Vulnerability
High | CVE-2018-14635 was published for neutron (pip) | May 13, 2022

Mercurial Improper Input Validation vulnerability
High | CVE-2018-13346 was published for mercurial (pip) | May 13, 2022

Mercurial Improper Input Validation vulnerability
High | CVE-2018-13348 was published for mercurial (pip) | May 13, 2022

Mercurial vulnerable to arbitrary code execution via a crafted name when converting a Git repository
High | CVE-2016-3069 was published for mercurial (pip) | May 14, 2022

Mercurial arbitrary code execution via a crafted git ext:: URL
High | CVE-2016-3068 was published for mercurial (pip) | May 14, 2022

Improper Input Validation in kdcproxy
High | CVE-2015-5159 was published for kdcproxy (pip) | Nov 1, 2018