GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
266 advisories
Filter by severity
Ansible-Core vulnerable to content protections bypass
Low
CVE-2024-11079
was published
for
ansible-core
(pip)
Nov 12, 2024
PyJWT Issuer field partial matches allowed
Low
CVE-2024-53861
was published
for
PyJWT
(pip)
Dec 2, 2024
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
Low
CVE-2024-52008
was published
for
ethyca-fides
(pip)
Nov 26, 2024
OpenStack Nova host data leak to vm instance in rescue mode
Low
CVE-2014-0134
was published
for
nova
(pip)
May 17, 2022
Vyper's external calls can overflow return data to return input buffer
Low
CVE-2024-24560
was published
for
vyper
(pip)
Feb 2, 2024
LIEF obtain sensitive information via the name parameter
Low
CVE-2024-31636
was published
for
lief
(pip)
May 3, 2024
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Low
CVE-2023-49297
was published
for
PyDrive2
(pip)
Dec 5, 2023
Nautobot missing object-level permissions enforcement when running Job Buttons
Low
CVE-2023-51649
was published
for
nautobot
(pip)
Dec 22, 2023
Unauthenticated db-file-storage views
Low
CVE-2023-50263
was published
for
nautobot
(pip)
Dec 13, 2023
OpenStack Nova Scheduler denial of service through scheduler_hints
Low
CVE-2012-3371
was published
for
Nova
(pip)
May 17, 2022
Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
Low
CVE-2012-2101
was published
for
nova
(pip)
May 17, 2022
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Low
CVE-2022-4134
was published
for
glance
(pip)
Mar 7, 2023
OpenStack Keystone Sensitive information disclosure via log files
Low
CVE-2013-2006
was published
for
keystone
(pip)
May 17, 2022
Zope allows local users to read arbitrary files
Low
CVE-2006-3458
was published
for
Zope2
(pip)
May 1, 2022
OpenStack Keystone intended authorization restrictions bypass
Low
CVE-2012-5571
was published
for
Keystone
(pip)
May 17, 2022
CHECK-fail in `QuantizeAndDequantizeV4Grad`
Low
CVE-2021-29544
was published
for
tensorflow
(pip)
May 21, 2021
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Low
CVE-2023-23934
was published
for
Werkzeug
(pip)
Feb 15, 2023
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Low
CVE-2020-15239
was published
for
xmpp-http-upload
(pip)
Oct 6, 2020
vantage6 does not properly delete linked resources when deleting a collaboration
Low
CVE-2023-41881
was published
for
vantage6
(pip)
Oct 16, 2023
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Low
CVE-2024-42447
was published
for
apache-airflow-providers-fab
(pip)
Aug 5, 2024
dbt has an implicit override for built-in materializations from installed packages
Low
CVE-2024-40637
was published
for
dbt-core
(pip)
Jul 17, 2024
Weblate vulnerable to improper sanitization of project backups
Low
CVE-2024-39303
was published
for
Weblate
(pip)
Jul 1, 2024
Incorrect signature verification in django-ses
Low
CVE-2023-33185
was published
for
django-ses
(pip)
May 22, 2023
ProTip!
Advisories are also available from the
GraphQL API