GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,081; Erlang 29; GitHub Actions 19; Go 1,909; Maven 5,000+; npm 3,642; NuGet 638; pip 3,258; Pub 10; RubyGems 869; Rust 820; Swift 35
Unreviewed advisories: All unreviewed 5,000+
97,391 advisories

A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed...
High | Unreviewed | CVE-2023-0971 was published | Jun 21, 2023

koji hub allows arbitrary upload destinations
High | CVE-2019-17109 was published for koji (pip) | May 24, 2022

Incorrect Default Permissions in keyring
High | CVE-2012-5577 was published for keyring (pip) | Mar 11, 2020

Insufficient Session Expiration in OpenStack Keystone
High | CVE-2020-12690 was published for keystone (pip) | Jun 9, 2021

langchain SQL Injection vulnerability
High | CVE-2023-36189 was published for langchain (pip) | Jul 6, 2023

OpenStack keystonemiddleware does not verify certificate
High | CVE-2014-7144 was published for keystonemiddleware (pip) | May 17, 2022

OpenStack Keystone Insufficient token expiration
High | CVE-2012-5563 was published for keystone (pip) | May 17, 2022

OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks
High | CVE-2015-1852 was published for keystonemiddleware (pip) | May 17, 2022

OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
High | CVE-2020-12691 was published for keystone (pip) | May 24, 2022

Python Keyring does not securely initialize encryption cipher
High | CVE-2012-4571 was published for keyring (pip) | May 17, 2022

Execution with Unnecessary Privileges in ipython
High | CVE-2022-21699 was published for ipython (pip) | Jan 21, 2022

Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
High | CVE-2023-5077 was published for github.com/hashicorp/vault (Go) | Sep 29, 2023

Openstack ironic-inspector has SQL injection vulnerability in node_cache
High | CVE-2019-10141 was published for ironic-inspector (pip) | May 24, 2022

json2xml Uncaught Exception vulnerability
High | CVE-2022-25024 was published for json2xml (pip) | Aug 23, 2023

Kallithea cross-site request forgery (CSRF) vulnerability
High | CVE-2015-0276 was published for Kallithea (pip) | May 13, 2022

Kallithea CRLF injection vulnerability
High | CVE-2015-5285 was published for kallithea (pip) | May 13, 2022

IPython vulnerable to cross site request forgery (CSRF)
High | CVE-2015-5607 was published for ipython (pip) | May 17, 2022

user-readable api tokens in systemd units for JupyterHub
High | CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) | Dec 9, 2020

Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote...
High | Unreviewed | CVE-2018-20072 was published | Sep 24, 2024

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it...
High | Unreviewed | CVE-2023-22862 was published | Jun 5, 2023

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is...
High | Unreviewed | CVE-2024-7149 was published | Sep 27, 2024

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to...
High | Unreviewed | CVE-2023-28956 was published | Jun 22, 2023

Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
High | CVE-2023-26464 was published for org.apache.logging.log4j:log4j-core (Maven) | Mar 10, 2023

Keycloak Session Fixation vulnerability
High | CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) | Sep 9, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2024-8608 was published | Sep 27, 2024

ProTip! Advisories are also available from the GraphQL API.