GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,260 advisories
Filter by severity
OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli
Moderate
CVE-2022-31153
was published
for
openzeppelin-cairo-contracts
(pip)
Jul 15, 2022
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
Critical
CVE-2022-31573
was published
for
chainerrl-visualizer
(pip)
Jul 12, 2022
Potential double free of buffer during string decoding
Moderate
CVE-2022-31117
was published
for
ujson
(pip)
Jul 5, 2022
Withdrawn: Denial of Service in aiohttp
Moderate
CVE-2022-33124
was published
for
aiohttp
(pip)
Jun 24, 2022
•
withdrawn
Incorrect handling of invalid surrogate pair characters
High
CVE-2022-31116
was published
for
ujson
(pip)
Jul 5, 2022
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
Critical
CVE-2022-31558
was published
for
shiva
(pip)
Jul 12, 2022
Possible leak of key's raw field if declared length is incorrect
High
CVE-2022-31124
was published
for
openssh-key-parser
(pip)
Jul 6, 2022
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Moderate
CVE-2023-0055
was published
for
pyload-ng
(pip)
Jan 5, 2023
Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution
High
CVE-2022-36024
was published
for
py-cord
(pip)
Aug 18, 2022
pyLoad vulnerable to Improper Restriction of Rendered UI Layers or Frames
Moderate
CVE-2023-0057
was published
for
pyload-ng
(pip)
Jan 5, 2023
Twisted vulnerable to NameVirtualHost Host header injection
Moderate
CVE-2022-39348
was published
for
twisted
(pip)
Oct 26, 2022
Cookie and header exposure in twisted
High
CVE-2022-21712
was published
for
twisted
(pip)
Feb 7, 2022
pypa/wheel vulnerable to Regular Expression denial of service (ReDoS)
High
CVE-2022-40898
was published
for
wheel
(pip)
Dec 23, 2022
Uncaught Exception (due to a data race) leads to process termination in Waitress
Moderate
CVE-2022-31015
was published
for
waitress
(pip)
Jun 2, 2022
Access control issue in AlekSIS-Core
Moderate
CVE-2022-29773
was published
for
aleksis-core
(pip)
Jun 4, 2022
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator
Moderate
CVE-2022-31027
was published
for
oauthenticator
(pip)
Jun 6, 2022
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Moderate
CVE-2021-4180
was published
for
tripleo-heat-templates
(pip)
Mar 24, 2022
Key confusion through non-blocklisted public key formats
High
CVE-2022-29217
was published
for
pyjwt
(pip)
May 24, 2022
rdiffweb 2.4.1 vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
High
CVE-2022-3174
was published
for
rdiffweb
(pip)
Sep 14, 2022
simplejson before 2.6.1 vulnerable to array index error
Moderate
CVE-2014-4616
was published
for
simplejson
(pip)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API