Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,832
Maven
5,000+
npm
3,573
NuGet
632
pip
3,158
Pub
10
RubyGems
847
Rust
797
Swift
34
Unreviewed advisories
All unreviewed
5,000+

286 advisories

Loading
Vulnerable OpenSSL included in cryptography wheels Low
GHSA-v8gr-m533-ghj9 was published for cryptography (pip) Sep 21, 2023
Zope vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-42458 was published for Zope (pip) Sep 21, 2023
mauritsvanrees icemac
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes Low
CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023
W0rty numacanedo
tomakehurst Mahoney oleg-nenashev
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it Low
CVE-2023-41057 was published for hyper-bump-it (pip) Sep 4, 2023
plannigan
pyca/cryptography's wheels include vulnerable OpenSSL Low
GHSA-jm77-qphf-c4w8 was published for cryptography (pip) Aug 1, 2023
keylime fails to flag device as untrusted when signature does not validate Low
CVE-2023-3674 was published for keylime (pip) Jul 19, 2023
Fides Webserver Vulnerable to SVG Bomb File Uploads Low
CVE-2023-37481 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet
Fides Webserver Vulnerable to Zip Bomb File Uploads Low
CVE-2023-37480 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet
SafeURL-Python's hostname blocklist does not block FQDNs Low
GHSA-373w-rj84-pv6x was published for SafeURL-Python (pip) Jun 29, 2023
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error Low
CVE-2023-34110 was published for Flask-AppBuilder (pip) Jun 22, 2023
msegoviag
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews Low
CVE-2023-32683 was published for matrix-synapse (pip) Jun 6, 2023
Vulnerable OpenSSL included in cryptography wheels Low
GHSA-5cpq-8wj7-hf2v was published for cryptography (pip) Jun 2, 2023
MindSpore vulnerable to memory corruption Low
CVE-2023-2970 was published for mindspore (pip) May 30, 2023
Vyper's nonpayable default functions are sometimes payable Low
CVE-2023-32675 was published for vyper (pip) May 22, 2023
trocher
Starlette has Path Traversal vulnerability in StaticFiles Low
CVE-2023-29159 was published for starlette (pip) May 17, 2023
aminalaee
kiwi TCMS has possibility for user to update email address to unverified one Low
CVE-2023-30544 was published for kiwitcms (pip) Apr 24, 2023
configobj ReDoS exploitable by developer using values in a server-side configuration file Low
CVE-2023-26112 was published for configobj (pip) Apr 3, 2023
redis-py Race Condition vulnerability Low
CVE-2023-28858 was published for redis (pip) Mar 26, 2023
Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs Low
CVE-2023-1176 was published for mlflow (pip) Mar 24, 2023
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability Low
CVE-2022-4134 was published for glance (pip) Mar 7, 2023
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions Low
CVE-2023-26052 was published for saleor (pip) Mar 2, 2023
Lemur subject to insecure random generation Low
GHSA-5fqv-mpj8-h7gm was published for lemur (pip) Mar 1, 2023
kjsman
Incorrect parsing of nameless cookies leads to __Host- cookies bypass Low
CVE-2023-23934 was published for Werkzeug (pip) Feb 15, 2023
lavish
Package discontinued because Bitly lowered the free quota Low
GHSA-ggrh-grj3-vfvw was published for bitlyshortener (pip) Nov 28, 2022
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
ProTip! Advisories are also available from the GraphQL API