GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,298 advisories
Filter by severity
curl_cffi bundles a version of libcurl affected by High Severity vulnerability
High
GHSA-3vpc-4p9p-47hc
was published
for
curl-cffi
(pip)
Oct 22, 2024
SiCKRAGE Discloses Plaintext Credentials
Critical
CVE-2018-9160
was published
for
sickrage
(pip)
May 13, 2022
Sentry vulnerable to invite code reuse via cookie manipulation
Moderate
CVE-2022-23485
was published
for
sentry
(pip)
Dec 12, 2022
SleekXMPP and Slixmpp Incorrect Implementation of Message Carbons
Moderate
CVE-2017-5591
was published
for
SleekXMPP
(pip)
May 13, 2022
Scalyr Agent 2 Missing SSL Certificate Validation
Critical
CVE-2020-24715
was published
for
scalyr-agent-2
(pip)
May 24, 2022
Scalyr Agent Missing SSL Certificate Validation
Critical
CVE-2020-24714
was published
for
scalyr-agent-2
(pip)
May 24, 2022
scikit-learn Deserialization of Untrusted Data
Critical
CVE-2020-13092
was published
for
scikit-learn
(pip)
May 24, 2022
Cross Site Scripting (XSS) in Simiki
Moderate
CVE-2020-19000
was published
for
simiki
(pip)
Sep 1, 2021
SaltStack Salt Improper SSL Certificate Validation
High
CVE-2020-35662
was published
for
salt
(pip)
May 24, 2022
SciPy creates insecure temporary directories
High
CVE-2013-4251
was published
for
scipy
(pip)
May 5, 2022
Cross-site scripting in sickrage
Moderate
CVE-2021-25926
was published
for
sickrage
(pip)
Apr 20, 2021
Setuptools vulnerable to Man-in-the-middle attacks
High
CVE-2013-1633
was published
for
setuptools
(pip)
May 17, 2022
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Moderate
CVE-2022-0577
was published
for
scrapy
(pip)
Mar 1, 2022
Code Injection in SLO Generator
Moderate
CVE-2021-22557
was published
for
slo-generator
(pip)
Oct 5, 2021
SaltStack Salt command injection via a crafted process name
High
CVE-2020-28243
was published
for
salt
(pip)
May 24, 2022
Exposure of Resource to Wrong Sphere in salt
High
CVE-2021-21996
was published
for
salt
(pip)
Nov 21, 2021
SaltStack Salt Improper Authentication via Man in the Middle Attack
Low
CVE-2022-22935
was published
for
salt
(pip)
Mar 30, 2022
SaltStack Salt Denial of Service via a crafted authentication request
High
CVE-2017-14696
was published
for
salt
(pip)
May 17, 2022
SaltStack Salt Authentication Bypass by Capture-replay
High
CVE-2022-22936
was published
for
salt
(pip)
Mar 30, 2022
SaltStack Salt Allows creating certificates with weak file permissions
Moderate
CVE-2020-17490
was published
for
salt
(pip)
May 24, 2022
SaltStack Salt Command Injection in netapi ssh client
Critical
CVE-2020-16846
was published
for
salt
(pip)
May 24, 2022
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
Critical
CVE-2020-25592
was published
for
salt
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API