GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,264 advisories
OpenStack Ironic fails to verify checksums of supplied image_source URLs
Moderate: CVE-2024-47211 was published for ironic (pip) on Oct 4, 2024

pretix Stored Cross-site Scripting vulnerability
High: CVE-2024-8113 was published for pretix (pip) on Aug 23, 2024

OpenStack Neutron's unsupported dport option prevents applying security groups
High: CVE-2019-9735 was published for neutron (pip) on May 13, 2022

JupyterHub OAuthenticator elevation of privilege
High: CVE-2018-7206 was published for oauthenticator (pip) on May 13, 2022

OpenStack Neutron vulnerable to hardware address impersonation
High: CVE-2021-38598 was published for neutron (pip) on May 24, 2022

Apache Superset: Improper error handling on alerts
Moderate: CVE-2024-27315 was published for apache-superset (pip) on Feb 28, 2024

Heap-based Buffer Overflow in sqlite-vec
High: CVE-2024-46488 was published for sqlite-vec (RubyGems) on Sep 25, 2024

Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP
Moderate: GHSA-vx3h-qwqw-r2wq was published for inventree (pip) on Oct 2, 2024

Base class whitelist configuration ignored in OAuthenticator
High: CVE-2020-26250 was published for oauthenticator (pip) on Dec 1, 2020

Special Element Injection in notebook
High: CVE-2021-32798 was published for notebook (pip) on Aug 23, 2021

Numpy arbitrary file write via symlink attack
High: CVE-2014-1859 was published for numpy (pip) on May 14, 2022

OAuth2 client ID and secret exposed through the web browser
High: CVE-2024-9014 was published for pgadmin4 (pip) on Sep 23, 2024

Arbitrary file overwrite in OpenStack Nova
High: CVE-2012-3447 was published for nova (pip) on May 17, 2022

MoinMoin Cross-site Scripting (XSS) vulnerability
Moderate: CVE-2016-7148 was published for moin (pip) on May 17, 2022

Insufficient Protection against HTTP Request Smuggling in mitmproxy
Critical: CVE-2022-24766 was published for mitmproxy (pip) on Mar 22, 2022

Mitmweb in mitmproxy allows DNS Rebinding attacks
Critical: CVE-2018-14505 was published for mitmproxy (pip) on Jul 31, 2018

MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
High: CVE-2023-34457 was published for MechanicalSoup (pip) on Jul 5, 2023

modoboa Cross-site Scripting vulnerability
Critical: CVE-2023-5688 was published for modoboa (pip) on Oct 20, 2023

modoboa Cross-site Scripting vulnerability
High: CVE-2023-5689 was published for modoboa (pip) on Oct 20, 2023

Lacking Protection against HTTP Request Smuggling in mitmproxy
Critical: CVE-2021-39214 was published for mitmproxy (pip) on Sep 20, 2021

MoinMoin Improper Access Control vulnerability
High: CVE-2009-4762 was published for moin (pip) on May 2, 2022

mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
Critical: CVE-2023-1177 was published for mlflow (pip) on Mar 24, 2023

ProTip! Advisories are also available from the GraphQL API.