GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,079 advisories
Filter by severity
Buildah (as part of Podman) vulnerable to Path Traversal
Low
CVE-2022-4123
was published
for
github.com/containers/podman/v4
(Go)
Dec 8, 2022
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
Low
GHSA-xg2h-wx96-xgxr
was published
for
github.com/Masterminds/goutils
(Go)
May 21, 2021
In-band key negotiation issue in AWS S3 Crypto SDK for golang
Low
CVE-2020-8912
was published
for
github.com/aws/aws-sdk-go
(Go)
Feb 11, 2022
Duplicate Advisory: AVideo cross-site scripting vulnerability in the view/about.php page
Low
GHSA-qvwg-c35p-rqhj
was published
for
wwbn/avideo
(Composer)
May 14, 2024
•
withdrawn
Passbolt Api Retrieval of HTTP-only cookies
Low
GHSA-f5pp-pmq8-gp46
was published
for
passbolt/passbolt_api
(Composer)
May 20, 2024
vodozemac has degraded secret zeroization capabilities
Low
CVE-2024-34063
was published
for
vodozemac
(Rust)
May 3, 2024
random_compat Uses insecure CSPRNG
Low
GHSA-3fmq-x9q6-wm39
was published
for
paragonie/random_compat
(Composer)
May 17, 2024
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.
Low
GHSA-9wrw-p9rm-r782
was published
for
onelogin/php-saml
(Composer)
May 17, 2024
Insecure deserialize Vulnerability in FLOW3
Low
GHSA-7h74-7vcw-4mwp
was published
for
neos/flow
(Composer)
May 17, 2024
Django data leakage via querystring manipulation in admin
Low
CVE-2014-0483
was published
for
Django
(pip)
May 14, 2022
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Low
GHSA-r3w4-36x6-7r99
was published
for
nokogiri
(RubyGems)
May 14, 2024
•
withdrawn
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Low
GHSA-r95h-9x8f-r3f7
was published
for
nokogiri
(RubyGems)
May 13, 2024
Monolog Header injection in NativeMailerHandler
Low
GHSA-f57v-q966-7fh6
was published
for
monolog/monolog
(Composer)
May 15, 2024
Laravel Encrypter Failure to decryption vulnerability
Low
GHSA-6wjw-qf87-fv5v
was published
for
illuminate/encryption
(Composer)
May 15, 2024
datadog/dd-trace Circumvents open_basedir INI directive
Low
GHSA-qvgg-r6rq-vwfx
was published
for
datadog/dd-trace
(Composer)
May 15, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources
Low
CVE-2022-21673
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
containerd started with non-empty inheritable Linux process capabilities
Low
GHSA-c9cp-9c75-9v8c
was published
for
github.com/containerd/containerd
(Go)
May 14, 2024
Local File Inclusion vulnerability in zmarkdown
Low
GHSA-mq6v-w35g-3c97
was published
for
zmarkdown
(npm)
Feb 3, 2024
OpenStack Glance sensitive information disclosure via logs
Low
CVE-2014-1948
was published
for
glance
(pip)
May 17, 2022
OpenStack Glance is vulnerable to Exposure of Sensitive Information
Low
CVE-2013-1840
was published
for
glance
(pip)
May 17, 2022
OpenStack Nova Changing vnic_type breaks compute service restart
Low
CVE-2022-37394
was published
for
nova
(pip)
Aug 4, 2022
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors
Low
CVE-2013-4278
was published
for
nova
(pip)
May 17, 2022
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots
Low
CVE-2013-4183
was published
for
cinder
(pip)
May 17, 2022
OpenStack Oslo utility sensitive information exposure via log files
Low
CVE-2014-7231
was published
for
oslo.utils
(pip)
May 14, 2022
OpenStack Keystone Sensitive information disclosure via log files
Low
CVE-2013-2006
was published
for
keystone
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API