Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

365 advisories

Loading
OpenStack Octavia Amphora-Agent not requiring Client-Certificate Critical
CVE-2019-17134 was published for octavia (pip) May 24, 2022
OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning Critical
CVE-2019-15753 was published for os-vif (pip) May 24, 2022
SaltStack Salt Command Injection in netapi ssh client Critical
CVE-2020-16846 was published for salt (pip) May 24, 2022
Mercurial Incorrect Access Control vulnerability Critical
CVE-2018-1000132 was published for mercurial (pip) May 13, 2022
Mercurial mishandles integer addition and subtraction Critical
CVE-2018-13347 was published for mercurial (pip) May 13, 2022
Mercurial vulnerable to arbitrary code injection Critical
CVE-2017-17458 was published for mercurial (pip) May 13, 2022
Mercurial is vulnerable to shell injection attack Critical
CVE-2017-1000116 was published for mercurial (pip) May 13, 2022
Mercurial Out-of-bounds Read vulnerability Critical
CVE-2018-17983 was published for mercurial (pip) May 14, 2022
Lin-CMS-Flask vulnerable to Improper Authentication Critical
CVE-2020-18698 was published for Lin-CMS (pip) May 24, 2022
OpenStack Swauth object/proxy server writing Auth Token to log file Critical
CVE-2017-16613 was published for swauth (pip) May 17, 2022
salt password information leaked in debug logs Critical
CVE-2015-6941 was published for salt (pip) May 17, 2022
Radicale vulnerable to arbitrary file read or write Critical
CVE-2015-8747 was published for Radicale (pip) May 17, 2022
Ops CLI Deserialization of Untrusted Data vulnerability Critical
CVE-2021-40720 was published for ops-cli (pip) May 24, 2022
Scalyr Agent Missing SSL Certificate Validation Critical
CVE-2020-24714 was published for scalyr-agent-2 (pip) May 24, 2022
ReportLab vulnerable to remote code execution via paraparser Critical
CVE-2019-19450 was published for reportlab (pip) Sep 20, 2023
pyLoad allows upload to arbitrary folder lead to RCE Critical
CVE-2024-32880 was published for pyload-ng (pip) Apr 24, 2024
zhcy2018
scikit-learn Deserialization of Untrusted Data Critical
CVE-2020-13092 was published for scikit-learn (pip) May 24, 2022
py-lmdb Invalid write operation Critical
CVE-2019-16227 was published for lmdb (pip) May 24, 2022
py-lmdb Invalid write operation Critical
CVE-2019-16224 was published for lmdb (pip) May 24, 2022
py-lmdb Invalid write operation Critical
CVE-2019-16225 was published for lmdb (pip) May 24, 2022
AdaptiveScale LXDUI Hardcoded JWT Secret Key Critical
CVE-2021-40494 was published for lxdui (pip) May 24, 2022
git-big-picture Code Execution Critical
CVE-2021-3028 was published for git-big-picture (pip) May 24, 2022
SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function Critical
CVE-2019-1010259 was published for salt (pip) May 24, 2022
SaltStack Salt is vulnerable to command injection Critical
CVE-2019-17361 was published for salt (pip) May 24, 2022
SaltStack Salt Unauthenticated Remote Code Execution Critical
CVE-2020-11651 was published for salt (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API