GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
228 advisories
OpenStack Nova Scheduler denial of service through scheduler_hints
Low | CVE-2012-3371 was published for Nova (pip) | May 17, 2022

Tornado CRLF injection vulnerability
Moderate | CVE-2012-2374 was published for tornado (pip) | May 17, 2022

Apache Libcloud vulnerable to certificate impersonation
Moderate | CVE-2012-3446 was published for apache-libcloud (pip) | May 17, 2022

Django Image Field Vulnerable to Image Decompression Bombs
High | CVE-2012-3443 was published for Django (pip) | May 17, 2022

Django Allows Arbitrary URL Generation
High | CVE-2012-4520 was published for django (pip) | May 17, 2022

pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository
Moderate | CVE-2013-1630 was published for pyshop (pip) | May 17, 2022

PyOpenSSL Mishandles NUL Byte In Certificate Subject Alternative Name
Moderate | CVE-2013-4314 was published for pyOpenSSL (pip) | May 17, 2022

Plone is vulnerable to email spoofing
Moderate | CVE-2013-4192 was published for plone (pip) | May 17, 2022

Transifex command-line client has improper certificate validation
Moderate | CVE-2013-7110 was published for transifex-client (pip) | May 17, 2022

OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability
Moderate | CVE-2014-0162 was published for glance (pip) | May 17, 2022

Cobbler vulnerable to code injection via unsafe YAML loading
Moderate | CVE-2011-4953 was published for cobbler (pip) | May 17, 2022

Bottle does not properly limit content-types
High | CVE-2014-3137 was published for bottle (pip) | May 17, 2022

PyWBEM TOCTOU vulnerability in certificate validation
Moderate | CVE-2013-6444 was published for pywbem (pip) | May 17, 2022

PyWBEM TOCTOU vulnerability in certificate validation
Moderate | CVE-2013-6418 was published for pywbem (pip) | May 17, 2022

Radicale vulnerable to arbitrary file read or write
Critical | CVE-2015-8747 was published for Radicale (pip) | May 17, 2022

Improper Input Validation in Jupyter Notebook
Critical | CVE-2015-7337 was published for ipython (pip) | May 17, 2022

Improper input validation in cryptography
High | CVE-2016-9243 was published for cryptography (pip) | May 17, 2022

FormEncode Access Restrictions Bypass
High | CVE-2008-6547 was published for FormEncode (pip) | May 17, 2022

OpenStack Compute (Nova) Improper Input Validation
Moderate | CVE-2012-2654 was published for nova (pip) | May 17, 2022

Tweepy does not verify SSL Certificate
Moderate | CVE-2012-5825 was published for tweepy (pip) | May 17, 2022

Django Vulnerable to HTTP Response Splitting Attack
High | CVE-2015-5144 was published for Django (pip) | May 17, 2022

SaltStack Salt Denial of Service via a crafted authentication request
High | CVE-2017-14696 was published for salt (pip) | May 17, 2022
ProTip! Advisories are also available from the GraphQL API.