Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

228 advisories

Loading
OpenStack Nova Scheduler denial of service through scheduler_hints Low
CVE-2012-3371 was published for Nova (pip) May 17, 2022
Tornado CRLF injection vulnerability Moderate
CVE-2012-2374 was published for tornado (pip) May 17, 2022
Apache Libcloud vulnerable to certificate impersonation Moderate
CVE-2012-3446 was published for apache-libcloud (pip) May 17, 2022
Django Image Field Vulnerable to Image Decompression Bombs High
CVE-2012-3443 was published for Django (pip) May 17, 2022
Django Allows Arbitrary URL Generation High
CVE-2012-4520 was published for django (pip) May 17, 2022
pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository Moderate
CVE-2013-1630 was published for pyshop (pip) May 17, 2022
SaltStack MITM SSH attack in salt-ssh High
CVE-2013-4436 was published for salt (pip) May 17, 2022
PyOpenSSL Mishandles NUL Byte In Certificate Subject Alternative Name Moderate
CVE-2013-4314 was published for pyOpenSSL (pip) May 17, 2022
Plone is vulnerable to email spoofing Moderate
CVE-2013-4192 was published for plone (pip) May 17, 2022
Transifex command-line client has improper certificate validation Moderate
CVE-2013-7110 was published for transifex-client (pip) May 17, 2022
OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability Moderate
CVE-2014-0162 was published for glance (pip) May 17, 2022
Cobbler vulnerable to code injection via unsafe YAML loading Moderate
CVE-2011-4953 was published for cobbler (pip) May 17, 2022
Bottle does not properly limit content-types High
CVE-2014-3137 was published for bottle (pip) May 17, 2022
OpenStack Murano Code Execution Critical
CVE-2016-4972 was published for murano (pip) May 17, 2022
PyWBEM TOCTOU vulnerability in certificate validation Moderate
CVE-2013-6444 was published for pywbem (pip) May 17, 2022
PyWBEM TOCTOU vulnerability in certificate validation Moderate
CVE-2013-6418 was published for pywbem (pip) May 17, 2022
Radicale vulnerable to arbitrary file read or write Critical
CVE-2015-8747 was published for Radicale (pip) May 17, 2022
Improper Input Validation in Jupyter Notebook Critical
CVE-2015-7337 was published for ipython (pip) May 17, 2022
Improper input validation in cryptography High
CVE-2016-9243 was published for cryptography (pip) May 17, 2022
jhutchings1
FormEncode Access Restrictions Bypass High
CVE-2008-6547 was published for FormEncode (pip) May 17, 2022
OpenStack Compute (Nova) Improper Input Validation Moderate
CVE-2012-2654 was published for nova (pip) May 17, 2022
Tweepy does not verify SSL Certificate Moderate
CVE-2012-5825 was published for tweepy (pip) May 17, 2022
Django Vulnerable to HTTP Response Splitting Attack High
CVE-2015-5144 was published for Django (pip) May 17, 2022
sunSUNQ
Plone Header Injection High
CVE-2015-7318 was published for plone (pip) May 17, 2022
SaltStack Salt Denial of Service via a crafted authentication request High
CVE-2017-14696 was published for salt (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database