GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
8,879 advisories

python-jose denial of service via compressed JWE content
Moderate: CVE-2024-33664 was published for python-jose (pip), Apr 26, 2024

Ghost has possible Cross-site Scripting issue
Moderate: CVE-2024-23724 was published for ghost (npm), Feb 11, 2024

Ansible Sensitive Files Are Locally Readable
Moderate: CVE-2014-4658 was published for ansible (pip), May 17, 2022

Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Moderate: CVE-2020-14330 was published for ansible (pip), Feb 9, 2022

Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
Moderate: CVE-2020-14332 was published for ansible (pip), Feb 9, 2022

Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible
Moderate: CVE-2019-14905 was published for ansible (pip), Apr 20, 2021

Serilog Client IP Spoofing vulnerability
Moderate: CVE-2024-44930 was published for Serilog.Enrichers.ClientInfo (NuGet), Aug 29, 2024

Indico has a Cross-Site-Scripting during account creation
Moderate: CVE-2024-45399 was published for indico (pip), Sep 4, 2024

Insertion of Sensitive Information into Log File in ansible
Moderate: CVE-2021-20178 was published for ansible (pip), Jun 1, 2021

B2 Command Line Tool TOCTOU application key disclosure
Moderate: CVE-2022-23653 was published for b2 (pip), Feb 24, 2022

b2-sdk-python TOCTOU application key disclosure
Moderate: CVE-2022-23651 was published for b2sdk (pip), Feb 24, 2022

Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate: CVE-2019-10156 was published for ansible (pip), Jul 31, 2019

Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible
Moderate: CVE-2020-1740 was published for ansible (pip), Apr 7, 2021

Vertx gRPC server does not limit the maximum message size
Moderate: CVE-2024-8391 was published for io.vertx:vertx-grpc-client (Maven), Sep 4, 2024

Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate: CVE-2019-10217 was published for ansible (pip), Oct 12, 2021

Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible
Moderate: CVE-2019-14864 was published for ansible (pip), Feb 26, 2020

Bodhi Cross-site Scripting Vulnerability
Moderate: CVE-2017-1002152 was published for bodhi (pip), May 13, 2022

Ansible password prompts could expose passwords
Moderate: CVE-2019-10206 was published for ansible (pip), May 24, 2022

SQL Injection vulnerability in Reportico Till
Moderate: CVE-2023-47438 was published for reportico-web/reportico (Composer), Mar 28, 2024

AIOHTTP has problems in HTTP parser (the python one, not llhttp)
Moderate: CVE-2023-47627 was published for aiohttp (pip), Nov 14, 2023

aiohttp is vulnerable to directory traversal
Moderate: CVE-2024-23334 was published for aiohttp (pip), Jan 29, 2024

aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Moderate: CVE-2024-23829 was published for aiohttp (pip), Jan 29, 2024

Ansible Arbitrary File Overwrite Vulnerability
Moderate: CVE-2013-4260 was published for ansible (pip), May 14, 2022

ProTip! Advisories are also available from the GraphQL API.