GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,002 advisories

Django contains Uncontrolled Resource Consumption via cached header High
CVE-2023-23969 was published for django (pip) Feb 1, 2023
MarkLee131
Django Denial-of-service by filling session store High
CVE-2015-5143 was published for django (pip) Jul 5, 2019
MarkLee131
Directory traversal in Django High
CVE-2011-0698 was published for django (pip) Jul 23, 2018
MarkLee131
MLflow has a Local File Read/Path Traversal bypass High
CVE-2024-3848 was published for mlflow (pip) May 16, 2024
Cross-Site Request Forgery vulnerability in Prefect High
CVE-2023-6022 was published for prefect (pip) Nov 16, 2023
zangell44 bunchesofdonald
OpenStack Swift Unchecked user input in XML responses High
CVE-2013-2161 was published for swift (pip) May 14, 2022
OpenStack Nova Live migration can leak root disk into ephemeral storage High
CVE-2013-7130 was published for nova (pip) May 17, 2022
OpenStack Neutron Intended MAC-spoofing protection mechanism bypass High
CVE-2016-5363 was published for neutron (pip) May 17, 2022
OpenStack Identity (Keystone) DoS through V3 API authentication chaining High
CVE-2014-2828 was published for keystone (pip) May 17, 2022
OpenStack Nova DoS by rebuilding the same instance with a new image multiple times High
CVE-2017-17051 was published for nova (pip) May 13, 2022
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled High
CVE-2024-32977 was published for OctoPrint (pip) May 14, 2024
jacopotediosi
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2016-4985 was published for ironic (pip) May 13, 2022
OpenStack Identity service (keystone) Incorrect Authorization High
CVE-2017-2673 was published for keystone (pip) May 13, 2022
OpenStack Keystone allows information disclosure during account locking High
CVE-2021-38155 was published for keystone (pip) May 24, 2022
Plone CMS Improper Session Management High
CVE-2008-1394 was published for Plone (pip) May 1, 2022
Plone Improper Session Management High
CVE-2008-1393 was published for Plone (pip) May 1, 2022
MoinMoin Improper Privilege Management High
CVE-2004-1463 was published for Moin (pip) Apr 29, 2022
gradio vulnerable to Path Traversal High
CVE-2024-1561 was published for gradio (pip) Apr 16, 2024
SaltStack insecurely uses /tmp High
CVE-2013-4437 was published for salt (pip) May 17, 2022
MoinMoin Improper Access Control High
CVE-2004-1462 was published for Moin (pip) Apr 29, 2022
MoinMoin allows administrative access High
CVE-2004-0708 was published for Moin (pip) Apr 29, 2022
OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials High
CVE-2015-7546 was published for keystone (pip) May 13, 2022