GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
240,683 advisories
httplib2 incorrectly checks SSL certificate
Low · CVE-2013-2037 was published for httplib2 (pip) · May 14, 2022

MoinMoin improper sanitizes user profiles
High · CVE-2010-0669 was published for moin (pip) · May 2, 2022

IPython Notebook vulnerable to improper validation of the origin of websocket requests
Moderate · CVE-2014-3429 was published for ipython (pip) · May 14, 2022

Pillow is vulnerable to Denial of Service (DOS) in the Jpeg2KImagePlugin
Moderate · CVE-2014-3598 was published for pillow (pip) · May 14, 2022

MoinMoin has multiple vulnerabilities related to superuser list, xmlrpc and OpenID configuration
Moderate · CVE-2010-0668 was published for moin (pip) · May 2, 2022

Plone Cross-site Scripting (XSS) vulnerability
Moderate · CVE-2016-7139 was published for Plone (pip) · May 14, 2022

MoinMoin has improper default configuration
High · CVE-2010-0717 was published for moin (pip) · May 2, 2022

Plone vulnerable to filesystem information leak
Moderate · CVE-2016-7135 was published for Plone (pip) · May 14, 2022

MoinMoin Cross-site Scripting (XSS) vulnerability
Low · CVE-2010-0828 was published for moin (pip) · May 2, 2022

uWSGI Directory Traversal vulnerability
High · CVE-2018-7490 was published for uWSGI (pip) · May 14, 2022

Salt vulnerable to Improper Certificate Validation
High · CVE-2015-4017 was published for salt (pip) · May 14, 2022

Tryton vulnerable to arbitrary command execution
High · CVE-2014-6633 was published for tryton (pip) · May 14, 2022

Openstack Octavia allows Insertion of Sensitive Information into Log File
High · CVE-2018-16856 was published for octavia (pip) · May 13, 2022

Apache Qpid Python client Improper certificate validation
Moderate · CVE-2013-1909 was published for qpid-python (pip) · May 13, 2022

qlib Deserialization of Untrusted Data vulnerability
Moderate · CVE-2021-23338 was published for pyqlib (pip) · May 24, 2022

OpenStack Horizon Open redirect in workflow forms
Moderate · CVE-2020-29565 was published for horizon (pip) · May 24, 2022

Scalyr Agent Missing SSL Certificate Validation
Critical · CVE-2020-24714 was published for scalyr-agent-2 (pip) · May 24, 2022

OpenStack Nova Live migration fails to update persistent domain XML
High · CVE-2020-17376 was published for nova (pip) · May 24, 2022

Openstack cinder Improper handling of ScaleIO backend credentials
Moderate · CVE-2020-10755 was published for cinder (pip) · May 24, 2022

OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context
High · CVE-2020-12689 was published for keystone (pip) · May 24, 2022

OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
High · CVE-2020-9543 was published for manila (pip) · May 24, 2022

Modoboa is vulnerable to an XML External Entity Injection (XXE)
High · CVE-2019-19702 was published for modoboa-dmarc (pip) · May 24, 2022

FreeIPA logs passwords embedded in commands in calls using batch
Moderate · CVE-2019-10195 was published for freeipa (pip) · May 24, 2022

trytond Incorrect Authorization vulnerability
High · CVE-2012-2238 was published for trytond (pip) · Apr 23, 2022

ProTip! Advisories are also available from the GraphQL API