Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

279 advisories

Loading
vantage6 may create unencrypted tasks in encrypted collaboration Low
CVE-2024-22193 was published for vantage6 (pip) Jan 30, 2024
vantage6 vulnerable to username timing attack Low
CVE-2024-21671 was published for vantage6-server (pip) Jan 30, 2024
changedetection.io API endpoint is not secured with API token Low
CVE-2024-23329 was published for changedetection-io (pip) Jan 23, 2024
rozpuszczalny
Minor fix to previous patch for CVE-2022-35918 Low
GHSA-8qw9-gf7w-42x5 was published for streamlit (pip) Jan 12, 2024
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code Low
CVE-2024-22194 was published for case-utils (pip) Jan 11, 2024
ajnelson-nist kchason
Nautobot missing object-level permissions enforcement when running Job Buttons Low
CVE-2023-51649 was published for nautobot (pip) Dec 22, 2023
abdikanipd
Unauthenticated db-file-storage views Low
CVE-2023-50263 was published for nautobot (pip) Dec 13, 2023
Kircheneer
dbt-core's secret env vars written to package-lock.json in plaintext Low
GHSA-j4g3-3q8x-jxqp was published for dbt-core (pip) Dec 8, 2023
jtcohen6 martynydbt
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution Low
CVE-2023-49297 was published for PyDrive2 (pip) Dec 5, 2023
ejedev
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks Low
CVE-2023-47641 was published for aiohttp (pip) Nov 14, 2023
chinchila
Fides JavaScript Injection Vulnerability in Privacy Center URL Low
CVE-2023-46126 was published for ethyca-fides (pip) Oct 24, 2023
Wagtail vulnerable to disclosure of user names via admin bulk action views Low
CVE-2023-45809 was published for wagtail (pip) Oct 19, 2023
quyenheu
vantage6 does not properly delete linked resources when deleting a collaboration Low
CVE-2023-41881 was published for vantage6 (pip) Oct 16, 2023
Zope management interface vulnerable to stored cross site scripting via the title property Low
CVE-2023-44389 was published for Zope (pip) Oct 4, 2023
dataflake drfho
icemac d-maurer
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts Low
CVE-2023-42453 was published for matrix-synapse (pip) Sep 26, 2023
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes Low
CVE-2023-41335 was published for matrix-synapse (pip) Sep 26, 2023
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait Low
GHSA-hc5c-r8m5-2gfh was published for plone.restapi (pip) Sep 21, 2023
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-41048 was published for plone.namedfile (pip) Sep 21, 2023
msegoviag
Vulnerable OpenSSL included in cryptography wheels Low
GHSA-v8gr-m533-ghj9 was published for cryptography (pip) Sep 21, 2023
Zope vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-42458 was published for Zope (pip) Sep 21, 2023
mauritsvanrees icemac
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes Low
CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023
W0rty numacanedo
tomakehurst Mahoney oleg-nenashev
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it Low
CVE-2023-41057 was published for hyper-bump-it (pip) Sep 4, 2023
plannigan
pyca/cryptography's wheels include vulnerable OpenSSL Low
GHSA-jm77-qphf-c4w8 was published for cryptography (pip) Aug 1, 2023
keylime fails to flag device as untrusted when signature does not validate Low
CVE-2023-3674 was published for keylime (pip) Jul 19, 2023
Fides Webserver Vulnerable to SVG Bomb File Uploads Low
CVE-2023-37481 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet
ProTip! Advisories are also available from the GraphQL API