GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
279 advisories
Filter by severity
LangChain directory traversal vulnerability
Low
CVE-2024-28088
was published
for
langchain
(pip)
Mar 4, 2024
langchain Server-Side Request Forgery vulnerability
Low
CVE-2024-0243
was published
for
langchain
(pip)
Feb 26, 2024
MindSpore vulnerable to memory corruption
Low
CVE-2023-2970
was published
for
mindspore
(pip)
May 30, 2023
Vyper's `extract32` can ready dirty memory
Low
CVE-2024-24564
was published
for
vyper
(pip)
Feb 26, 2024
PyPop C extensions possible vulnerability: missing arguments and redundant null pointers
Low
GHSA-p4m5-32pr-2hqr
was published
for
pypop-genomics
(pip)
Feb 26, 2024
Libcloud does not properly scrub data when destroying a DigitalOcean node
Low
CVE-2013-6480
was published
for
apache-libcloud
(pip)
May 14, 2022
tuf's Metadata API: Targets.get_delegated_role() is missing input validation
Low
GHSA-77hh-43cm-v8j6
was published
for
tuf
(pip)
Feb 16, 2024
commonground-api-common unexploitable privilege escalation in JWT authentication middleware
Low
GHSA-c4cm-r9fh-jgj9
was published
for
commonground-api-common
(pip)
Feb 9, 2024
vantage6 may create unencrypted tasks in encrypted collaboration
Low
CVE-2024-22193
was published
for
vantage6
(pip)
Jan 30, 2024
vantage6 vulnerable to username timing attack
Low
CVE-2024-21671
was published
for
vantage6-server
(pip)
Jan 30, 2024
changedetection.io API endpoint is not secured with API token
Low
CVE-2024-23329
was published
for
changedetection-io
(pip)
Jan 23, 2024
Virtualenv Allows Symlink Attack on /tmp/
Low
CVE-2011-4617
was published
for
virtualenv
(pip)
May 17, 2022
OpenStack Nova Scheduler denial of service through scheduler_hints
Low
CVE-2012-3371
was published
for
Nova
(pip)
May 17, 2022
OpenStack Keystone intended authorization restrictions bypass
Low
CVE-2012-5571
was published
for
Keystone
(pip)
May 17, 2022
Minor fix to previous patch for CVE-2022-35918
Low
GHSA-8qw9-gf7w-42x5
was published
for
streamlit
(pip)
Jan 12, 2024
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
Low
CVE-2024-22194
was published
for
case-utils
(pip)
Jan 11, 2024
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Low
CVE-2023-41335
was published
for
matrix-synapse
(pip)
Sep 26, 2023
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
Low
CVE-2023-42453
was published
for
matrix-synapse
(pip)
Sep 26, 2023
Nautobot missing object-level permissions enforcement when running Job Buttons
Low
CVE-2023-51649
was published
for
nautobot
(pip)
Dec 22, 2023
Unauthenticated db-file-storage views
Low
CVE-2023-50263
was published
for
nautobot
(pip)
Dec 13, 2023
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Low
CVE-2023-49297
was published
for
PyDrive2
(pip)
Dec 5, 2023
dbt-core's secret env vars written to package-lock.json in plaintext
Low
GHSA-j4g3-3q8x-jxqp
was published
for
dbt-core
(pip)
Dec 8, 2023
OpenStack Heat template URL information leakage
Low
CVE-2014-3801
was published
for
openstack-heat
(pip)
May 14, 2022
Urllib3 Incorrect Certificate Validation
Low
CVE-2016-9015
was published
for
urllib3
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API