GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
398 advisories
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical | CVE-2017-12791 was published for salt (pip) on May 17, 2022
Django user with hardcoded password created when running tests on Oracle
Critical | CVE-2016-9013 was published for Django (pip) on May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical | CVE-2017-14695 was published for salt (pip) on May 17, 2022
OpenStack Swauth object/proxy server writing Auth Token to log file
Critical | CVE-2017-16613 was published for swauth (pip) on May 17, 2022
OpenStack Nova logs sensitive context from notification exceptions
Critical | CVE-2017-7214 was published for nova (pip) on May 14, 2022
Cobbler vulnerable to arbitrary code execution
Critical | CVE-2017-1000469 was published for cobbler (pip) on May 14, 2022
Django Tastypie Improper Deserialization of YAML Data
Critical | CVE-2011-4104 was published for django-tastypie (pip) on May 14, 2022
Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command
Critical | CVE-2014-9462 was published for mercurial (pip) on May 14, 2022
python-kerberos vulnerable to KDC spoofing attacks
Critical | CVE-2015-3206 was published for kerberos (pip) on May 14, 2022
AsyncSSH SSH Server Authentication Bypass
Critical | CVE-2018-7749 was published for AsyncSSH (pip) on May 14, 2022
Donfig Command Injection in collect_yaml method
Critical | CVE-2019-7537 was published for donfig (pip) on May 14, 2022
web2py remote code execution via hardcoded encryption key in session.connect function
Critical | CVE-2016-3953 was published for web2py (pip) on May 14, 2022
web2py is vulnerable to password brute-force attack
Critical | CVE-2016-10321 was published for web2py (pip) on May 14, 2022
Cobbler has Exposed Dangerous Method or Function
Critical | CVE-2018-10931 was published for cobbler (pip) on May 13, 2022
SiCKRAGE Discloses Plaintext Credentials
Critical | CVE-2018-9160 was published for sickrage (pip) on May 13, 2022
Cobbler Improper Validation of Security Tokens
Critical | CVE-2018-1000226 was published for cobbler (pip) on May 13, 2022
SaltStack Salt allows compromised salt-minions to impersonate the salt-master
Critical | CVE-2017-7893 was published for salt (pip) on May 13, 2022
Unsafe pyyaml load usage in PyAnyAPI
Critical | CVE-2017-16616 was published for pyanyapi (pip) on May 13, 2022
Mercurial is vulnerable to shell injection attack
Critical | CVE-2017-1000116 was published for mercurial (pip) on May 13, 2022
Mercurial vulnerable to arbitrary code injection
Critical | CVE-2017-17458 was published for mercurial (pip) on May 13, 2022
Mercurial Incorrect Access Control vulnerability
Critical | CVE-2018-1000132 was published for mercurial (pip) on May 13, 2022
Mercurial mishandles integer addition and subtraction
Critical | CVE-2018-13347 was published for mercurial (pip) on May 13, 2022
ProTip! Advisories are also available from the GraphQL API.