Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,879 advisories

Loading
python-jose denial of service via compressed JWE content Moderate
CVE-2024-33664 was published for python-jose (pip) Apr 26, 2024
garyd203
Ghost has possible Cross-site Scripting issue Moderate
CVE-2024-23724 was published for ghost (npm) Feb 11, 2024
Ansible Sensitive Files Are Locally Readable Moderate
CVE-2014-4658 was published for ansible (pip) May 17, 2022
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible Moderate
CVE-2020-14330 was published for ansible (pip) Feb 9, 2022
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible Moderate
CVE-2020-14332 was published for ansible (pip) Feb 9, 2022
jhampson-dbre
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible Moderate
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
Serilog Client IP Spoofing vulnerability Moderate
CVE-2024-44930 was published for Serilog.Enrichers.ClientInfo (NuGet) Aug 29, 2024
vbakke
Indico has a Cross-Site-Scripting during account creation Moderate
CVE-2024-45399 was published for indico (pip) Sep 4, 2024
Path Traversal in bikshed Moderate
CVE-2021-23423 was published for bikeshed (pip) Aug 30, 2021
Insertion of Sensitive Information into Log File in ansible Moderate
CVE-2021-20178 was published for ansible (pip) Jun 1, 2021
B2 Command Line Tool TOCTOU application key disclosure Moderate
CVE-2022-23653 was published for b2 (pip) Feb 24, 2022
janschejbal
Path Traversal in Ansible Moderate
CVE-2020-10691 was published for ansible (pip) Apr 20, 2021
tdunlap607
b2-sdk-python TOCTOU application key disclosure Moderate
CVE-2022-23651 was published for b2sdk (pip) Feb 24, 2022
janschejbal
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2019-10156 was published for ansible (pip) Jul 31, 2019
tdunlap607
Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible Moderate
CVE-2020-1740 was published for ansible (pip) Apr 7, 2021
Vertx gRPC server does not limit the maximum message size Moderate
CVE-2024-8391 was published for io.vertx:vertx-grpc-client (Maven) Sep 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2019-10217 was published for ansible (pip) Oct 12, 2021
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible Moderate
CVE-2019-14864 was published for ansible (pip) Feb 26, 2020
Bodhi Cross-site Scripting Vulnerability Moderate
CVE-2017-1002152 was published for bodhi (pip) May 13, 2022
Ansible password prompts could expose passwords Moderate
CVE-2019-10206 was published for ansible (pip) May 24, 2022
tdunlap607
SQL Injection vulnerability in Reportico Till Moderate
CVE-2023-47438 was published for reportico-web/reportico (Composer) Mar 28, 2024
AIOHTTP has problems in HTTP parser (the python one, not llhttp) Moderate
CVE-2023-47627 was published for aiohttp (pip) Nov 14, 2023
kenballus
aiohttp is vulnerable to directory traversal Moderate
CVE-2024-23334 was published for aiohttp (pip) Jan 29, 2024
lcttty solarpeng502
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators Moderate
CVE-2024-23829 was published for aiohttp (pip) Jan 29, 2024
pajod
Ansible Arbitrary File Overwrite Vulnerability Moderate
CVE-2013-4260 was published for ansible (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API