GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
382 advisories
Filter by severity
Mocodo vulnerable to SQL injection in `/web/generate.php`
Critical
CVE-2024-35374
was published
for
mocodo
(pip)
May 28, 2024
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Critical
CVE-2024-34359
was published
for
llama-cpp-python
(pip)
May 13, 2024
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Critical
CVE-2024-5023
was published
for
consoleme
(pip)
May 16, 2024
OpenStack Nova logs sensitive context from notification exceptions
Critical
CVE-2017-7214
was published
for
nova
(pip)
May 14, 2022
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Critical
CVE-2024-32874
was published
for
frigate
(pip)
May 9, 2024
Salt allows deleted minions to read or write to minions with the same id
Critical
CVE-2016-9639
was published
for
salt
(pip)
May 17, 2022
Django user with hardcoded password created when running tests on Oracle
Critical
CVE-2016-9013
was published
for
django
(pip)
May 17, 2022
Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication
Critical
CVE-2022-32563
was published
for
couchbase
(pip)
Jun 11, 2022
Withdrawn: Use after free in SciPy
Critical
CVE-2023-29824
was published
for
scipy
(pip)
Jul 6, 2023
•
withdrawn
OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Critical
CVE-2019-17134
was published
for
octavia
(pip)
May 24, 2022
OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning
Critical
CVE-2019-15753
was published
for
os-vif
(pip)
May 24, 2022
Mercurial Incorrect Access Control vulnerability
Critical
CVE-2018-1000132
was published
for
mercurial
(pip)
May 13, 2022
Mercurial mishandles integer addition and subtraction
Critical
CVE-2018-13347
was published
for
mercurial
(pip)
May 13, 2022
Mercurial vulnerable to arbitrary code injection
Critical
CVE-2017-17458
was published
for
mercurial
(pip)
May 13, 2022
Mercurial is vulnerable to shell injection attack
Critical
CVE-2017-1000116
was published
for
mercurial
(pip)
May 13, 2022
Mercurial Out-of-bounds Read vulnerability
Critical
CVE-2018-17983
was published
for
mercurial
(pip)
May 14, 2022
Lin-CMS-Flask vulnerable to Improper Authentication
Critical
CVE-2020-18698
was published
for
Lin-CMS
(pip)
May 24, 2022
OpenStack Swauth object/proxy server writing Auth Token to log file
Critical
CVE-2017-16613
was published
for
swauth
(pip)
May 17, 2022
salt password information leaked in debug logs
Critical
CVE-2015-6941
was published
for
salt
(pip)
May 17, 2022
Radicale vulnerable to arbitrary file read or write
Critical
CVE-2015-8747
was published
for
Radicale
(pip)
May 17, 2022
Ops CLI Deserialization of Untrusted Data vulnerability
Critical
CVE-2021-40720
was published
for
ops-cli
(pip)
May 24, 2022
Scalyr Agent Missing SSL Certificate Validation
Critical
CVE-2020-24714
was published
for
scalyr-agent-2
(pip)
May 24, 2022
ReportLab vulnerable to remote code execution via paraparser
Critical
CVE-2019-19450
was published
for
reportlab
(pip)
Sep 20, 2023
pyLoad allows upload to arbitrary folder lead to RCE
Critical
CVE-2024-32880
was published
for
pyload-ng
(pip)
Apr 24, 2024
scikit-learn Deserialization of Untrusted Data
Critical
CVE-2020-13092
was published
for
scikit-learn
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API