GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
Ansible does not verify that the server hostname matches a domain name in certificates
High
CVE-2015-3908
was published
for
ansible
(pip)
Oct 10, 2018
Insufficient Verification of Data Authenticity in python-keystoneclient
Critical
CVE-2013-2167
was published
for
python-keystoneclient
(pip)
Mar 10, 2020
Invalid root may become trusted root in The Update Framework (TUF)
Moderate
CVE-2020-15163
was published
for
tuf
(pip)
Sep 9, 2020
Insufficient Verification of Data Authenticity in Pillow
Moderate
CVE-2021-28678
was published
for
Pillow
(pip)
Jun 8, 2021
Missing validation during checkpoint loading
High
CVE-2021-41203
was published
for
tensorflow
(pip)
Nov 10, 2021
dnslib has DNS reply verification issue
High
CVE-2022-22846
was published
for
dnslib
(pip)
Jan 12, 2022
OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity
Moderate
CVE-2015-0259
was published
for
nova
(pip)
May 14, 2022
Openstack Neutron has Insufficient Verification of IPv6 addresses
High
CVE-2021-20267
was published
for
neutron
(pip)
May 24, 2022
Incorrect header handling in mod-wsgi
High
CVE-2022-2255
was published
for
mod-wsgi
(pip)
Aug 26, 2022
Certifi removing TrustCor root certificate
Moderate
CVE-2022-23491
was published
for
certifi
(pip)
Dec 7, 2022
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature
Moderate
CVE-2023-23940
was published
for
openzeppelin-cairo-contracts
(pip)
Feb 2, 2023
Removal of e-Tugra root certificate
High
CVE-2023-37920
was published
for
certifi
(pip)
Jul 25, 2023
AsyncSSH Rogue Extension Negotiation
Moderate
CVE-2023-46445
was published
for
asyncssh
(pip)
Nov 9, 2023
vantage6-server node accepts non-whitelisted algorithms from malicious server
High
CVE-2023-47631
was published
for
vantage6-node
(pip)
Nov 14, 2023
AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC
Moderate
GHSA-hfmc-7525-mj55
was published
for
asyncssh
(pip)
Dec 18, 2023
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
CVE-2023-48795
was published
for
golang.org/x/crypto
(Go)
Dec 18, 2023
aiosmtpd vulnerable to SMTP smuggling
Moderate
CVE-2024-27305
was published
for
aiosmtpd
(pip)
Mar 13, 2024
Certifi removes GLOBALTRUST root certificate
Low
CVE-2024-39689
was published
for
certifi
(pip)
Jul 5, 2024
Gradio lacks integrity checking on the downloaded FRP client
High
CVE-2024-47867
was published
for
gradio
(pip)
Oct 10, 2024
OpenStack Neutron can use an incorrect ID during policy enforcement
Moderate
CVE-2024-53916
was published
for
neutron
(pip)
Nov 25, 2024
ProTip!
Advisories are also available from the
GraphQL API