Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,904
Erlang
38
GitHub Actions
38
Go
2,566
Maven
5,000+
npm
4,237
NuGet
753
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

320 advisories

Loading
Unauthenticated views may expose information to anonymous users Low
CVE-2024-29199 was published for nautobot (pip) Mar 26, 2024
joewesch
Credited to joewesch
OpenStack Identity Keystone Privilege Escalation vulnerability Low
CVE-2013-4477 was published for keystone (pip) May 17, 2022
Transformers Deserialization of Untrusted Data vulnerability Low
CVE-2024-3568 was published for transformers (pip) Apr 10, 2024
MySQL Connectors Privilege Escalation Low
CVE-2017-3590 was published for mysql-connector-python (pip) May 13, 2022
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet` Low
CVE-2024-32882 was published for wagtail (pip) May 1, 2024
jams2 Morsey187
RealOrangeOne laymonage
Credited to jams2, Morsey187, RealOrangeOne, and laymonage
OpenStack Nova can leak consoleauth token into log files Low
CVE-2015-9543 was published for Nova (pip) May 24, 2022
Openstack nova qcow format could expose host filesystem information Low
CVE-2011-3147 was published for nova (pip) Apr 22, 2022
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface Low
CVE-2014-3594 was published for horizon (pip) May 13, 2022
OpenStack Nova live snapshots use an insecure local directory Low
CVE-2013-7048 was published for nova (pip) May 14, 2022
OpenStack Neutron Race condition vulnerability Low
CVE-2015-5240 was published for neutron (pip) May 17, 2022
OpenStack Nova denial of service through compressed disk images Low
CVE-2013-4463 was published for nova (pip) May 17, 2022
OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image Low
CVE-2013-4469 was published for nova (pip) May 17, 2022
OpenStack Oslo utility sensitive information exposure via log files Low
CVE-2014-7231 was published for oslo.utils (pip) May 14, 2022
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors Low
CVE-2013-4278 was published for nova (pip) May 17, 2022
OpenStack Nova Changing vnic_type breaks compute service restart Low
CVE-2022-37394 was published for nova (pip) Aug 4, 2022
OpenStack Glance is vulnerable to Exposure of Sensitive Information Low
CVE-2013-1840 was published for glance (pip) May 17, 2022
vantage6 collaboration admins can extend their influence by expanding the collaboration Low
CVE-2024-32969 was published for vantage6 (pip) May 22, 2024
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability Low
CVE-2024-34715 was published for ethyca-fides (pip) May 29, 2024
tariqajyusuf pattisdr
Credited to tariqajyusuf and pattisdr
Slack integration leaks sensitive information in logs Low
CVE-2024-35196 was published for sentry (pip) Jun 2, 2024
asottile asottile-sentry
Credited to asottile and asottile-sentry
Arbitrary JavaScript execution due to using outdated libraries Low
GHSA-4m3g-6r7g-jv4f was published for gradio_pdf (pip) Jun 5, 2024
isacaya
Credited to isacaya
tqdm CLI arguments injection attack Low
CVE-2024-34062 was published for tqdm (pip) May 3, 2024
CopperEagle
Credited to CopperEagle
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider Low
CVE-2024-29733 was published for apache-airflow-providers-ftp (pip) Apr 21, 2024
ericwb
Credited to ericwb
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js Low
CVE-2024-38537 was published for ethyca-fides (pip) Jul 2, 2024
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors Low
GHSA-3v33-3wmw-3785 was published for yt-dlp (pip) Jul 8, 2024
LeSuisse bashonly
Credited to LeSuisse and bashonly
zenml-io/zenml does not expire the session after password reset Low
CVE-2024-4680 was published for zenml (pip) Jun 8, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database