Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

279 advisories

Loading
LangChain directory traversal vulnerability Low
CVE-2024-28088 was published for langchain (pip) Mar 4, 2024
levpachmanov
langchain Server-Side Request Forgery vulnerability Low
CVE-2024-0243 was published for langchain (pip) Feb 26, 2024
MindSpore vulnerable to memory corruption Low
CVE-2023-2970 was published for mindspore (pip) May 30, 2023
Vyper's `extract32` can ready dirty memory Low
CVE-2024-24564 was published for vyper (pip) Feb 26, 2024
trocher
PyPop C extensions possible vulnerability: missing arguments and redundant null pointers Low
GHSA-p4m5-32pr-2hqr was published for pypop-genomics (pip) Feb 26, 2024
Libcloud does not properly scrub data when destroying a DigitalOcean node Low
CVE-2013-6480 was published for apache-libcloud (pip) May 14, 2022
tuf's Metadata API: Targets.get_delegated_role() is missing input validation Low
GHSA-77hh-43cm-v8j6 was published for tuf (pip) Feb 16, 2024
commonground-api-common unexploitable privilege escalation in JWT authentication middleware Low
GHSA-c4cm-r9fh-jgj9 was published for commonground-api-common (pip) Feb 9, 2024
vantage6 may create unencrypted tasks in encrypted collaboration Low
CVE-2024-22193 was published for vantage6 (pip) Jan 30, 2024
vantage6 vulnerable to username timing attack Low
CVE-2024-21671 was published for vantage6-server (pip) Jan 30, 2024
changedetection.io API endpoint is not secured with API token Low
CVE-2024-23329 was published for changedetection-io (pip) Jan 23, 2024
rozpuszczalny
Virtualenv Allows Symlink Attack on /tmp/ Low
CVE-2011-4617 was published for virtualenv (pip) May 17, 2022
Loggerhead XSS via filename Low
CVE-2011-0728 was published for loggerhead (pip) May 17, 2022
OpenStack Nova Scheduler denial of service through scheduler_hints Low
CVE-2012-3371 was published for Nova (pip) May 17, 2022
OpenStack Keystone intended authorization restrictions bypass Low
CVE-2012-5571 was published for Keystone (pip) May 17, 2022
Minor fix to previous patch for CVE-2022-35918 Low
GHSA-8qw9-gf7w-42x5 was published for streamlit (pip) Jan 12, 2024
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code Low
CVE-2024-22194 was published for case-utils (pip) Jan 11, 2024
ajnelson-nist kchason
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes Low
CVE-2023-41335 was published for matrix-synapse (pip) Sep 26, 2023
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts Low
CVE-2023-42453 was published for matrix-synapse (pip) Sep 26, 2023
Nautobot missing object-level permissions enforcement when running Job Buttons Low
CVE-2023-51649 was published for nautobot (pip) Dec 22, 2023
abdikanipd
Unauthenticated db-file-storage views Low
CVE-2023-50263 was published for nautobot (pip) Dec 13, 2023
Kircheneer
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution Low
CVE-2023-49297 was published for PyDrive2 (pip) Dec 5, 2023
ejedev
dbt-core's secret env vars written to package-lock.json in plaintext Low
GHSA-j4g3-3q8x-jxqp was published for dbt-core (pip) Dec 8, 2023
jtcohen6 martynydbt
OpenStack Heat template URL information leakage Low
CVE-2014-3801 was published for openstack-heat (pip) May 14, 2022
Urllib3 Incorrect Certificate Validation Low
CVE-2016-9015 was published for urllib3 (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API