GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: all reviewed 5,000+; Composer 4,077; Erlang 29; GitHub Actions 19; Go 1,902; Maven 5,000+; npm 3,631; NuGet 638; pip 3,246; Pub 10; RubyGems 863; Rust 818; Swift 35.
Unreviewed advisories: 5,000+.
395 advisories match the current filter; 23 of them are listed below, all rated Moderate.
CVE | Severity | Title | Package (ecosystem) | Published to the database
CVE-2024-45612 | Moderate | Contao affected by insert tag injection via canonical URL | contao/core-bundle (Composer) | Sep 17, 2024
CVE-2021-20329 | Moderate | go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON | go.mongodb.org/mongo-driver (Go) | Jun 15, 2021
CVE-2010-4534 | Moderate | Improper query string handling in Django | Django (pip) | Jul 23, 2018
CVE-2023-22888 | Moderate | Apache Airflow Improper Input Validation vulnerability | apache-airflow (pip) | Jul 12, 2023
CVE-2023-36543 | Moderate | Apache Airflow Improper Input Validation vulnerability | apache-airflow (pip) | Jul 12, 2023
CVE-2024-38503 | Moderate | Apache Syncope Improper Input Validation vulnerability | org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (Maven) | Jul 22, 2024
CVE-2012-3446 | Moderate | Apache Libcloud vulnerable to certificate impersonation | apache-libcloud (pip) | May 17, 2022
CVE-2019-14905 | Moderate | Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible | ansible (pip) | Apr 20, 2021
CVE-2019-10206 | Moderate | Ansible password prompts could expose passwords | ansible (pip) | May 24, 2022
CVE-2023-49081 | Moderate | aiohttp's ClientSession is vulnerable to CRLF injection via version | aiohttp (pip) | Nov 27, 2023
CVE-2023-49082 | Moderate | aiohttp's ClientSession is vulnerable to CRLF injection via method | aiohttp (pip) | Nov 27, 2023
CVE-2016-8647 | Moderate | Improper Input Validation in ansible | ansible (pip) | Oct 10, 2018
CVE-2023-6717 | Moderate | Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow | org.keycloak:keycloak-services (Maven) | Apr 17, 2024
CVE-2020-15210 | Moderate | Segmentation fault in tensorflow-lite | tensorflow (pip) | Sep 25, 2020
CVE-2024-29068 | Moderate | snapd failed to properly check the file type when extracting a snap | github.com/snapcore/snapd (Go) | Jul 25, 2024
CVE-2024-32007 | Moderate | Apache CXF Denial of Service vulnerability in JOSE | org.apache.cxf:cxf-rt-rs-security-jose (Maven) | Jul 19, 2024
CVE-2024-34693 | Moderate | Apache Superset server arbitrary file read | apache-superset (pip) | Jun 20, 2024
CVE-2024-6284 | Moderate | github.com/google/nftables IP addresses were encoded in the wrong byte order | github.com/google/nftables (Go) | Jul 4, 2024
CVE-2024-27093 | Moderate | Minder trusts client-provided mapping from repo name to upstream ID | github.com/stacklok/minder (Go) | Feb 26, 2024
CVE-2022-39306 | Moderate | Grafana Email addresses and usernames can not be trusted | github.com/grafana/grafana (Go) | May 14, 2024
CVE-2024-21519 | Moderate | Arbitrary File Creation in opencart | opencart/opencart (Composer) | Jun 22, 2024
CVE-2024-38359 | Moderate | Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service | github.com/lightningnetwork/lnd (Go) | Jun 20, 2024
CVE-2024-21507 | Moderate | mysql2 cache poisoning vulnerability | mysql2 (npm) | Apr 10, 2024
Advisories are also available from the GraphQL API.
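The rows in the listing above can be pulled programmatically instead of scraped. The following is an added example, not GitHub's own code and not code from this page: it queries the GraphQL API's `securityVulnerabilities` connection for one ecosystem at a chosen severity, flattens each node into the same fields the listing shows (CVE, severity, title, package, ecosystem, publish date, plus the vulnerable version range), and checks an installed version against that range. The query shape and field names follow the public GraphQL schema as documented; `SAMPLE_RESPONSE` is constructed by hand (its GHSA ids, version ranges and timestamps are placeholders, not the real advisory data) so the module runs offline, and `in_range` is a deliberately simplified dotted-numeric comparator rather than a full PEP 440 implementation.

```python
"""Query the GitHub Advisory Database over the GraphQL API, flatten the rows
the listing above shows, and test an installed version against each vulnerable
range.  Added example, not GitHub's code: QUERY follows the public schema as
documented; SAMPLE_RESPONSE is hand-constructed with placeholder GHSA ids,
ranges and timestamps so the module runs offline."""
import json, operator, os, re, urllib.request
from dataclasses import dataclass

GRAPHQL_URL = "https://api.github.com/graphql"

# One page of vulnerabilities for one ecosystem at the given severities, most
# recently updated first; $after carries the pagination cursor (None at start).
QUERY = """query($ecosystem: SecurityAdvisoryEcosystem!, $severities: [SecurityAdvisorySeverity!], $after: String) {
  securityVulnerabilities(first: 100, ecosystem: $ecosystem, severities: $severities, after: $after,
                          orderBy: {field: UPDATED_AT, direction: DESC}) {
    pageInfo { hasNextPage endCursor }
    nodes { package { ecosystem name } vulnerableVersionRange firstPatchedVersion { identifier }
            advisory { ghsaId summary severity publishedAt identifiers { type value } } }
  }
}"""

@dataclass
class Finding:
    ghsa_id: str
    cve: str            # None when the advisory has no CVE assigned
    summary: str
    severity: str
    published_at: str
    ecosystem: str
    package: str
    vulnerable_range: str
    first_patched: str  # None when no fixed version is published

def flatten(response: dict) -> list:
    """One GraphQL page -> Finding records, one per (package, advisory) pair."""
    out = []
    for node in response["data"]["securityVulnerabilities"]["nodes"]:
        adv, patched = node["advisory"], node.get("firstPatchedVersion")
        cve = next((i["value"] for i in adv["identifiers"] if i["type"] == "CVE"), None)
        out.append(Finding(adv["ghsaId"], cve, adv["summary"], adv["severity"],
                           adv["publishedAt"], node["package"]["ecosystem"],
                           node["package"]["name"], node["vulnerableVersionRange"],
                           patched["identifier"] if patched else None))
    return out

def fetch_page(ecosystem: str, severities: list, after, token: str) -> dict:
    """Live call: POST the query with a token (public data, no scopes needed)."""
    body = json.dumps({"query": QUERY, "variables": {
        "ecosystem": ecosystem, "severities": severities, "after": after}}).encode()
    req = urllib.request.Request(GRAPHQL_URL, data=body, method="POST", headers={
        "Authorization": f"bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def _vkey(version: str) -> tuple:
    """Dotted-numeric version -> tuple, trailing zeros dropped ('3.9' == '3.9.0'); pre-release tags ignored."""
    key = [int(p) for p in re.findall(r"\d+", version)]
    while key and key[-1] == 0:
        key.pop()
    return tuple(key)

_OPS = {"<": operator.lt, "<=": operator.le, "=": operator.eq, ">": operator.gt, ">=": operator.ge}

def in_range(version: str, vulnerable_range: str) -> bool:
    """True if `version` satisfies every comma-separated comparator in a vulnerableVersionRange such as '>= 3.0.0, < 3.9.0'."""
    v = _vkey(version)
    for clause in vulnerable_range.split(","):
        m = re.fullmatch(r"\s*(<=|>=|<|>|=)\s*(\S+)\s*", clause)
        if not m:
            raise ValueError(f"unparsable range clause: {clause!r}")
        if not _OPS[m.group(1)](v, _vkey(m.group(2))):
            return False
    return True

def affecting(findings: list, package: str, version: str) -> list:
    """Findings for `package` whose vulnerable range contains `version`."""
    return [f for f in findings if f.package == package and in_range(version, f.vulnerable_range)]

# Constructed sample page: two pip rows mirroring entries in the listing above.
# GHSA ids, version ranges and timestamps are placeholders, not the real data.
def _sample_node(name, rng, patched, ghsa, cve, summary, published):
    return {"package": {"ecosystem": "PIP", "name": name}, "vulnerableVersionRange": rng,
            "firstPatchedVersion": {"identifier": patched} if patched else None,
            "advisory": {"ghsaId": ghsa, "summary": summary, "severity": "MODERATE",
                         "publishedAt": published,
                         "identifiers": [{"type": "GHSA", "value": ghsa}, {"type": "CVE", "value": cve}]}}

SAMPLE_RESPONSE = {"data": {"securityVulnerabilities": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [
        _sample_node("aiohttp", "< 9.9.9", "9.9.9", "GHSA-xxxx-xxxx-xxx1", "CVE-2023-49081",
                     "aiohttp's ClientSession is vulnerable to CRLF injection via version",
                     "2023-11-27T00:00:00Z"),
        _sample_node("apache-superset", ">= 1.0.0, < 9.9.9", None, "GHSA-xxxx-xxxx-xxx2",
                     "CVE-2024-34693", "Apache Superset server arbitrary file read",
                     "2024-06-20T00:00:00Z")]}}}

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")  # live query when set, otherwise the offline sample
    findings = flatten(fetch_page("PIP", ["MODERATE"], None, token) if token else SAMPLE_RESPONSE)
    for f in findings:
        print(f"{f.cve or f.ghsa_id} | {f.severity} | {f.summary} | {f.package} ({f.ecosystem}) | {f.vulnerable_range}")
    print("aiohttp 3.8.0 affected by:", [f.cve for f in affecting(findings, "aiohttp", "3.8.0")])
```

With `GITHUB_TOKEN` set the script queries the live API; to walk the full result set, loop while `pageInfo.hasNextPage` is true and pass `pageInfo.endCursor` back as `after`. Note that `securityVulnerabilities` returns one node per affected package, so a single advisory can appear several times; deduplicate on `ghsa_id` if you want advisory-level counts like the 395 shown above.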