GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

237 advisories

SaltStack Salt is vulnerable to Arbitrary Directory Access High
CVE-2020-11652 was published for salt (pip) May 24, 2022
Ansible password prompts could expose passwords High
CVE-2019-10206 was published for ansible (pip) May 24, 2022
Elastic APM agent for Python client CGI proxy redirection flaw Moderate
CVE-2019-7617 was published for elastic-apm (pip) May 24, 2022
Matrix Sydent mishandles emails Moderate
CVE-2019-11340 was published for matrix-sydent (pip) May 24, 2022
Missing validation causes `TensorSummaryV2` to crash Moderate
CVE-2022-29193 was published for tensorflow (pip) May 24, 2022
Ansible Remote Code Execution Critical
CVE-2014-4657 was published for ansible (pip) May 17, 2022
JGit Improper Input Validation vulnerability Critical
CVE-2014-9390 was published for mercurial (Maven) May 17, 2022
Improper input validation in pyftpdlib Moderate
CVE-2008-7264 was published for pyftpdlib (pip) May 17, 2022
OpenStack Nova Scheduler denial of service through scheduler_hints Low
CVE-2012-3371 was published for Nova (pip) May 17, 2022
Tornado CRLF injection vulnerability High
CVE-2012-2374 was published for tornado (pip) May 17, 2022
Apache Libcloud vulnerable to certificate impersonation Moderate
CVE-2012-3446 was published for apache-libcloud (pip) May 17, 2022
Django Image Field Vulnerable to Image Decompression Bombs High
CVE-2012-3443 was published for Django (pip) May 17, 2022
Django Allows Arbitrary URL Generation High
CVE-2012-4520 was published for django (pip) May 17, 2022
SaltStack MITM SSH attack in salt-ssh High
CVE-2013-4436 was published for salt (pip) May 17, 2022
PyOpenSSL Mishandles NUL Byte In Certificate Subject Alternative Name High
CVE-2013-4314 was published for pyOpenSSL (pip) May 17, 2022
Plone is vulnerable to email spoofing High
CVE-2013-4192 was published for plone (pip) May 17, 2022
Transifex command-line client has improper certificate validation High
CVE-2013-7110 was published for transifex-client (pip) May 17, 2022
OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability Moderate
CVE-2014-0162 was published for glance (pip) May 17, 2022
Cobbler vulnerable to code injection via unsafe YAML loading Moderate
CVE-2011-4953 was published for cobbler (pip) May 17, 2022
Bottle does not properly limit content-types High
CVE-2014-3137 was published for bottle (pip) May 17, 2022
OpenStack Murano Code Execution Critical
CVE-2016-4972 was published for murano (pip) May 17, 2022
PyWBEM TOCTOU vulnerability in certificate validation High
CVE-2013-6418 was published for pywbem (pip) May 17, 2022
PyWBEM TOCTOU vulnerability in certificate validation Moderate
CVE-2013-6444 was published for pywbem (pip) May 17, 2022
Radicale vulnerable to arbitrary file read or write Critical
CVE-2015-8747 was published for Radicale (pip) May 17, 2022