GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,832
Maven
5,000+
npm
3,573
NuGet
632
pip
3,158
Pub
10
RubyGems
847
Rust
797
Swift
34
Unreviewed advisories
All unreviewed
5,000+
286 advisories
Filter by severity
Vulnerable OpenSSL included in cryptography wheels
Low
GHSA-v8gr-m533-ghj9
was published
for
cryptography
(pip)
Sep 21, 2023
Zope vulnerable to Stored Cross Site Scripting with SVG images
Low
CVE-2023-42458
was published
for
Zope
(pip)
Sep 21, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Low
CVE-2023-41329
was published
for
com.github.tomakehurst:wiremock-jre8
(Maven)
Sep 8, 2023
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it
Low
CVE-2023-41057
was published
for
hyper-bump-it
(pip)
Sep 4, 2023
pyca/cryptography's wheels include vulnerable OpenSSL
Low
GHSA-jm77-qphf-c4w8
was published
for
cryptography
(pip)
Aug 1, 2023
keylime fails to flag device as untrusted when signature does not validate
Low
CVE-2023-3674
was published
for
keylime
(pip)
Jul 19, 2023
Fides Webserver Vulnerable to SVG Bomb File Uploads
Low
CVE-2023-37481
was published
for
ethyca-fides
(pip)
Jul 18, 2023
Fides Webserver Vulnerable to Zip Bomb File Uploads
Low
CVE-2023-37480
was published
for
ethyca-fides
(pip)
Jul 18, 2023
SafeURL-Python's hostname blocklist does not block FQDNs
Low
GHSA-373w-rj84-pv6x
was published
for
SafeURL-Python
(pip)
Jun 29, 2023
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Low
CVE-2023-34110
was published
for
Flask-AppBuilder
(pip)
Jun 22, 2023
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Low
CVE-2023-32683
was published
for
matrix-synapse
(pip)
Jun 6, 2023
Vulnerable OpenSSL included in cryptography wheels
Low
GHSA-5cpq-8wj7-hf2v
was published
for
cryptography
(pip)
Jun 2, 2023
MindSpore vulnerable to memory corruption
Low
CVE-2023-2970
was published
for
mindspore
(pip)
May 30, 2023
Vyper's nonpayable default functions are sometimes payable
Low
CVE-2023-32675
was published
for
vyper
(pip)
May 22, 2023
Starlette has Path Traversal vulnerability in StaticFiles
Low
CVE-2023-29159
was published
for
starlette
(pip)
May 17, 2023
kiwi TCMS has possibility for user to update email address to unverified one
Low
CVE-2023-30544
was published
for
kiwitcms
(pip)
Apr 24, 2023
configobj ReDoS exploitable by developer using values in a server-side configuration file
Low
CVE-2023-26112
was published
for
configobj
(pip)
Apr 3, 2023
Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs
Low
CVE-2023-1176
was published
for
mlflow
(pip)
Mar 24, 2023
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Low
CVE-2022-4134
was published
for
glance
(pip)
Mar 7, 2023
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Low
CVE-2023-26052
was published
for
saleor
(pip)
Mar 2, 2023
Lemur subject to insecure random generation
Low
GHSA-5fqv-mpj8-h7gm
was published
for
lemur
(pip)
Mar 1, 2023
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Low
CVE-2023-23934
was published
for
Werkzeug
(pip)
Feb 15, 2023
Package discontinued because Bitly lowered the free quota
Low
GHSA-ggrh-grj3-vfvw
was published
for
bitlyshortener
(pip)
Nov 28, 2022
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
ProTip!
Advisories are also available from the
GraphQL API