GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
387 advisories
Filter by severity
Improper input validation in pyftpdlib
Moderate
CVE-2008-7264
was published
for
pyftpdlib
(pip)
May 17, 2022
Python RSA allows attackers to spoof signatures
Moderate
CVE-2016-1494
was published
for
rsa
(pip)
May 14, 2022
Arbitrary file deletion in litellm
Moderate
CVE-2024-4888
was published
for
litellm
(pip)
Jun 6, 2024
PyWBEM TOCTOU vulnerability in certificate validation
Moderate
CVE-2013-6444
was published
for
pywbem
(pip)
May 17, 2022
Magento Open Source Improper Input Validation vulnerability
Moderate
CVE-2024-45117
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Improper Input Validation in Buildah and Podman
Moderate
CVE-2024-9407
was published
for
github.com/containers/buildah
(Go)
Oct 1, 2024
Username spoofing in OnionShare
Moderate
CVE-2022-21696
was published
for
onionshare-cli
(pip)
Jan 21, 2022
OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI
Moderate
CVE-2022-36087
was published
for
oauthlib
(pip)
Sep 16, 2022
Apache Ambari: Various Cross site scripting problems
Moderate
CVE-2023-50378
was published
for
org.apache.ambari:ambari
(Maven)
Mar 1, 2024
SSRF in Sydent due to missing validation of hostnames
Moderate
CVE-2021-29431
was published
for
matrix-sydent
(pip)
Apr 19, 2021
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
Moderate
CVE-2021-21393
was published
for
matrix-synapse
(pip)
Apr 13, 2021
mangadex-downloader vulnerable to unauthorized file reading
Moderate
CVE-2022-36082
was published
for
mangadex-downloader
(pip)
Sep 16, 2022
HashiCorp Vault Improper Input Validation vulnerability
Moderate
CVE-2023-4680
was published
for
github.com/hashicorp/vault
(Go)
Sep 15, 2023
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
Moderate
CVE-2021-21394
was published
for
matrix-synapse
(pip)
Apr 13, 2021
Malicious users could abuse Sydent to control the content of invitation emails
Moderate
CVE-2021-29432
was published
for
matrix-sydent
(pip)
Apr 19, 2021
Sydent DoS (via resource exhaustion) due to improper input validation
Moderate
CVE-2021-29433
was published
for
matrix-sydent
(pip)
Apr 16, 2021
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
Moderate
CVE-2023-32323
was published
for
matrix-synapse
(pip)
May 24, 2023
Contao affected by insert tag injection via canonical URL
Moderate
CVE-2024-45612
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
httplib2 incorrectly checks SSL certificate
Moderate
CVE-2013-2037
was published
for
httplib2
(pip)
May 14, 2022
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
Moderate
CVE-2023-34239
was published
for
gradio
(pip)
Jun 9, 2023
Elastic APM agent for Python client CGI proxy redirection flaw
Moderate
CVE-2019-7617
was published
for
elastic-apm
(pip)
May 24, 2022
Improper Input Validation in Django
Moderate
CVE-2019-3498
was published
for
Django
(pip)
Jan 14, 2019
Cross-site Scripting (XSS) in Django REST Framework
Moderate
CVE-2020-25626
was published
for
djangorestframework
(pip)
Mar 19, 2021
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
Moderate
CVE-2021-20329
was published
for
go.mongodb.org/mongo-driver
(Go)
Jun 15, 2021
ProTip!
Advisories are also available from the
GraphQL API