Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,125 advisories

Loading
Code injection in nbgitpuller High
CVE-2021-39160 was published for nbgitpuller (pip) Aug 30, 2021
OpenStack Neutron's unsupported dport option prevents applying security groups High
CVE-2019-9735 was published for neutron (pip) May 13, 2022
JupyterHub OAuthenticator elevation of privilege High
CVE-2018-7206 was published for oauthenticator (pip) May 13, 2022
jhutchings1
ReDOS in Mpmath High
CVE-2021-29063 was published for mpmath (pip) Aug 9, 2021
bryan-rhm
OpenStack Neutron vulnerable to hardware address impersonation High
CVE-2021-38598 was published for neutron (pip) May 24, 2022
Heap-based Buffer Overflow in sqlite-vec High
CVE-2024-46488 was published for sqlite-vec (RubyGems) Sep 25, 2024
Base class whitelist configuration ignored in OAuthenticator High
CVE-2020-26250 was published for oauthenticator (pip) Dec 1, 2020
Special Element Injection in notebook High
CVE-2021-32798 was published for notebook (pip) Aug 23, 2021
0xDeva
Numpy arbitrary file write via symlink attack High
CVE-2014-1859 was published for numpy (pip) May 14, 2022
jhutchings1
OAuth2 client ID and secret exposed through the web browser High
CVE-2024-9014 was published for pgadmin4 (pip) Sep 23, 2024
m3t3kh4n
Arbitrary file overwrite in OpenStack Nova High
CVE-2012-3447 was published for nova (pip) May 17, 2022
MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form High
CVE-2023-34457 was published for MechanicalSoup (pip) Jul 5, 2023
e-c-d
modoboa Cross-site Scripting vulnerability High
CVE-2023-5689 was published for modoboa (pip) Oct 20, 2023
MoinMoin Improper Access Control vulnerability High
CVE-2009-4762 was published for moin (pip) May 2, 2022
Mercurial has Incorrect Permission Assignment for Critical Resource High
CVE-2017-9462 was published for mercurial (pip) Jul 13, 2018
Directory traversal in mkdocs High
CVE-2021-40978 was published for mkdocs (pip) Oct 12, 2021
Insecure Temporary File in mlflow High
CVE-2022-0736 was published for mlflow (pip) Feb 24, 2022
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set High
CVE-2010-0667 was published for moin (pip) May 2, 2022
anonymous4ACL24
Mercurial vulnerable to arbitrary code execution when converting Git repos High
CVE-2016-3105 was published for mercurial (pip) May 17, 2022
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG High
CVE-2019-11842 was published for matrix-sydent (pip) May 24, 2022
westonsteimel
Denial of service attack due to invalid JSON High
CVE-2020-26890 was published for matrix-synapse (pip) Nov 24, 2020
dkasak
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths High
CVE-2022-31052 was published for matrix-synapse (pip) Jun 29, 2022
Open redirect via transitional IPv6 addresses on dual-stack networks High
CVE-2021-21392 was published for matrix-synapse (pip) Apr 13, 2021
mscherer
Denial of service due to incorrect application of event authorization rules High
CVE-2022-31152 was published for matrix-synapse (pip) Aug 31, 2022
Synapse Denial of service due to incorrect application of event authorization rules during state resolution High
CVE-2022-39374 was published for matrix-synapse (pip) May 24, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database