GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
279 advisories
Filter by severity
OctoPrint does not have rate limiting on the login page
Low
CVE-2022-2822
was published
for
OctoPrint
(pip)
Aug 16, 2022
OpenStack Nova Changing vnic_type breaks compute service restart
Low
CVE-2022-37394
was published
for
nova
(pip)
Aug 4, 2022
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
Low
CVE-2022-31177
was published
for
Flask-AppBuilder
(pip)
Jul 29, 2022
OpenStack Nova can leak consoleauth token into log files
Low
CVE-2015-9543
was published
for
Nova
(pip)
May 24, 2022
Virtualenv Allows Symlink Attack on /tmp/
Low
CVE-2011-4617
was published
for
virtualenv
(pip)
May 17, 2022
OpenStack Nova Scheduler denial of service through scheduler_hints
Low
CVE-2012-3371
was published
for
Nova
(pip)
May 17, 2022
Python Keyring does not securely initialize encryption cipher
Low
CVE-2012-4571
was published
for
keyring
(pip)
May 17, 2022
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors
Low
CVE-2013-4278
was published
for
nova
(pip)
May 17, 2022
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots
Low
CVE-2013-4183
was published
for
cinder
(pip)
May 17, 2022
OpenStack Identity Keystone Privilege Escalation vulnerability
Low
CVE-2013-4477
was published
for
keystone
(pip)
May 17, 2022
OpenStack Glance sensitive information disclosure via logs
Low
CVE-2014-1948
was published
for
glance
(pip)
May 17, 2022
Plone is vulnerable to File System Path Exposure
Low
CVE-2013-4194
was published
for
plone
(pip)
May 17, 2022
Plone Denial of Service vulnerability via decompressing large zip archives
Low
CVE-2013-4199
was published
for
plone
(pip)
May 17, 2022
OpenStack Nova VMWare driver leaks rescued images
Low
CVE-2014-2573
was published
for
nova
(pip)
May 17, 2022
Ajenti Cross-site scripting (XSS) vulnerability
Low
CVE-2014-2260
was published
for
ajenti
(pip)
May 17, 2022
OpenStack Keystone Sensitive information disclosure via log files
Low
CVE-2013-2006
was published
for
keystone
(pip)
May 17, 2022
OpenStack Nova denial of service through compressed disk images
Low
CVE-2013-4463
was published
for
nova
(pip)
May 17, 2022
OpenStack Nova host data leak to vm instance in rescue mode
Low
CVE-2014-0134
was published
for
nova
(pip)
May 17, 2022
OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image
Low
CVE-2013-4469
was published
for
nova
(pip)
May 17, 2022
Plone Cross-site scripting Vulnerability
Low
CVE-2012-5502
was published
for
plone
(pip)
May 17, 2022
ceph-deploy uses world-readable permissions on client.admin key
Low
CVE-2015-4053
was published
for
ceph-deploy
(pip)
May 17, 2022
OpenStack Neutron Race condition vulnerability
Low
CVE-2015-5240
was published
for
neutron
(pip)
May 17, 2022
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces
Low
CVE-2013-4347
was published
for
oauth2
(pip)
May 17, 2022
ceph-deploy allows local users to obtain sensitive information by reading the file
Low
CVE-2015-3010
was published
for
ceph-deploy
(pip)
May 17, 2022
Urllib3 Incorrect Certificate Validation
Low
CVE-2016-9015
was published
for
urllib3
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API