Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

395 advisories

Loading
Contao affected by insert tag injection via canonical URL Moderate
CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024
aschempp
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON Moderate
CVE-2021-20329 was published for go.mongodb.org/mongo-driver (Go) Jun 15, 2021
Improper date handling in Django Moderate
CVE-2010-4535 was published for Django (pip) Jul 23, 2018
MarkLee131
Session manipulation in Django Moderate
CVE-2011-4136 was published for Django (pip) Jul 23, 2018
MarkLee131
Improper query string handling in Django Moderate
CVE-2010-4534 was published for Django (pip) Jul 23, 2018
MarkLee131
Apache Airflow Improper Input Validation vulnerability Moderate
CVE-2023-22888 was published for apache-airflow (pip) Jul 12, 2023
Apache Airflow Improper Input Validation vulnerability Moderate
CVE-2023-36543 was published for apache-airflow (pip) Jul 12, 2023
Apache Syncope Improper Input Validation vulnerability Moderate
CVE-2024-38503 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (Maven) Jul 22, 2024
Apache Libcloud vulnerable to certificate impersonation Moderate
CVE-2012-3446 was published for apache-libcloud (pip) May 17, 2022
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible Moderate
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
Ansible password prompts could expose passwords Moderate
CVE-2019-10206 was published for ansible (pip) May 24, 2022
tdunlap607
aiohttp's ClientSession is vulnerable to CRLF injection via version Moderate
CVE-2023-49081 was published for aiohttp (pip) Nov 27, 2023
jnovikov
aiohttp's ClientSession is vulnerable to CRLF injection via method Moderate
CVE-2023-49082 was published for aiohttp (pip) Nov 27, 2023
jnovikov
Improper Input Validation in ansible Moderate
CVE-2016-8647 was published for ansible (pip) Oct 10, 2018
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow Moderate
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Segmentation fault in tensorflow-lite Moderate
CVE-2020-15210 was published for tensorflow (pip) Sep 25, 2020
snapd failed to properly check the file type when extracting a snap Moderate
CVE-2024-29068 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
Apache CXF Denial of Service vulnerability in JOSE Moderate
CVE-2024-32007 was published for org.apache.cxf:cxf-rt-rs-security-jose (Maven) Jul 19, 2024
Apache Superset server arbitrary file read Moderate
CVE-2024-34693 was published for apache-superset (pip) Jun 20, 2024
github.com/google/nftable IP addresses were encoded in the wrong byte order Moderate
CVE-2024-6284 was published for github.com/google/nftables (Go) Jul 4, 2024
Minder trusts client-provided mapping from repo name to upstream ID Moderate
CVE-2024-27093 was published for github.com/stacklok/minder (Go) Feb 26, 2024
evankanderson
Grafana Email addresses and usernames can not be trusted Moderate
CVE-2022-39306 was published for github.com/grafana/grafana (Go) May 14, 2024
Arbitrary File Creation in opencart Moderate
CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service Moderate
CVE-2024-38359 was published for github.com/lightningnetwork/lnd (Go) Jun 20, 2024
morehouse
mysql2 cache poisoning vulnerability Moderate
CVE-2024-21507 was published for mysql2 (npm) Apr 10, 2024
ProTip! Advisories are also available from the GraphQL API