GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
228 advisories
Mitmweb in mitmproxy allows DNS Rebinding attacks | Critical | CVE-2018-14505 was published for mitmproxy (pip) | Jul 31, 2018
MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form | High | CVE-2023-34457 was published for MechanicalSoup (pip) | Jul 5, 2023
SSRF in Sydent due to missing validation of hostnames | Moderate | CVE-2021-29431 was published for matrix-sydent (pip) | Apr 19, 2021
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints | Moderate | CVE-2021-21393 was published for matrix-synapse (pip) | Apr 13, 2021
Denial of service attack due to invalid JSON | High | CVE-2020-26890 was published for matrix-synapse (pip) | Nov 24, 2020
mangadex-downloader vulnerable to unauthorized file reading | Moderate | CVE-2022-36082 was published for mangadex-downloader (pip) | Sep 16, 2022
OpenStack Neutron Denial of Service Vulnerability | High | CVE-2018-14635 was published for neutron (pip) | May 13, 2022
JGit Improper Input Validation vulnerability | Critical | CVE-2014-9390 was published for mercurial (Maven) | May 17, 2022
Mercurial Improper Input Validation vulnerability | High | CVE-2018-13346 was published for mercurial (pip) | May 13, 2022
Mercurial Improper Input Validation vulnerability | High | CVE-2018-13348 was published for mercurial (pip) | May 13, 2022
Tenant and Verifier might not use the same registrar data | Critical | CVE-2022-1053 was published for keylime (pip) | May 5, 2022
modulemd uses an unsafe function for processing externally provided data | Critical | CVE-2017-1002157 was published for modulemd (pip) | Jan 17, 2019
IPython vulnerable to command injection via set_term_title | Low | CVE-2023-24816 was published for ipython (pip) | Feb 10, 2023
Mercurial vulnerable to arbitrary code execution via a crafted name when converting a Git repository | High | CVE-2016-3069 was published for mercurial (pip) | May 14, 2022
Mercurial arbitrary code execution via a crafted git ext:: URL | High | CVE-2016-3068 was published for mercurial (pip) | May 14, 2022
Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command | Critical | CVE-2014-9462 was published for mercurial (pip) | May 14, 2022
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints | Moderate | CVE-2021-21394 was published for matrix-synapse (pip) | Apr 13, 2021
Improper Input Validation in kdcproxy | High | CVE-2015-5159 was published for kdcproxy (pip) | Nov 1, 2018
Malicious users could abuse Sydent to control the content of invitation emails | Moderate | CVE-2021-29432 was published for matrix-sydent (pip) | Apr 19, 2021
Sydent vulnerable to denial of service attack via memory exhaustion | High | CVE-2021-29430 was published for matrix-sydent (pip) | Apr 19, 2021
Sydent DoS (via resource exhaustion) due to improper input validation | Moderate | CVE-2021-29433 was published for matrix-sydent (pip) | Apr 16, 2021
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites | Moderate | CVE-2023-32323 was published for matrix-synapse (pip) | May 24, 2023
Improper Input Validation in httpx | Critical | CVE-2021-41945 was published for httpx (pip) | Apr 29, 2022
httplib2 incorrectly checks SSL certificate | Moderate | CVE-2013-2037 was published for httplib2 (pip) | May 14, 2022
Improper Input Validation in Jupyter Notebook | Critical | CVE-2015-7337 was published for ipython (pip) | May 17, 2022