GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,002 advisories
Filter by severity
Django contains Uncontrolled Resource Consumption via cached header
High
CVE-2023-23969
was published
for
django
(pip)
Feb 1, 2023
Django Denial-of-service by filling session store
High
CVE-2015-5143
was published
for
django
(pip)
Jul 5, 2019
MLflow has a Local File Read/Path Traversal bypass
High
CVE-2024-3848
was published
for
mlflow
(pip)
May 16, 2024
Cross-Site Request Forgery vulnerability in Prefect
High
CVE-2023-6022
was published
for
prefect
(pip)
Nov 16, 2023
OpenStack Swift Unchecked user input in XML responses
High
CVE-2013-2161
was published
for
swift
(pip)
May 14, 2022
OpenStack Nova Live migration can leak root disk into ephemeral storage
High
CVE-2013-7130
was published
for
nova
(pip)
May 17, 2022
OpenStack Neutron Intended MAC-spoofing protection mechanism bypass
High
CVE-2016-5363
was published
for
neutron
(pip)
May 17, 2022
OpenStack Identity (Keystone) DoS through V3 API authentication chaining
High
CVE-2014-2828
was published
for
keystone
(pip)
May 17, 2022
OpenStack Nova DoS by rebuilding the same instance with a new image multiple times
High
CVE-2017-17051
was published
for
nova
(pip)
May 13, 2022
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
High
CVE-2024-32977
was published
for
OctoPrint
(pip)
May 14, 2024
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
High
CVE-2024-34707
was published
for
nautobot
(pip)
May 13, 2024
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2016-4985
was published
for
ironic
(pip)
May 13, 2022
OpenStack Identity service (keystone) Incorrect Authorization
High
CVE-2017-2673
was published
for
keystone
(pip)
May 13, 2022
Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable
High
CVE-2011-4030
was published
for
Plone
(pip)
May 17, 2022
OpenStack Keystone allows information disclosure during account locking
High
CVE-2021-38155
was published
for
keystone
(pip)
May 24, 2022
OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
High
CVE-2020-12691
was published
for
keystone
(pip)
May 24, 2022
OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials
High
CVE-2015-7546
was published
for
keystone
(pip)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API