GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,260 advisories
Filter by severity
libtaxii Server-Side Request Forgery vulnerability
Critical
CVE-2020-27197
was published
for
libtaxii
(pip)
Apr 30, 2021
Langchain vulnerable to arbitrary code execution
Critical
CVE-2023-34541
was published
for
langchain
(pip)
Jun 20, 2023
Command injection in libvcs and vcspull
Critical
CVE-2022-21187
was published
for
libvcs
(pip)
Mar 15, 2022
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-38896
was published
for
langchain
(pip)
Aug 15, 2023
Incorrect Default Permissions in keyring
High
CVE-2012-5578
was published
for
keyring
(pip)
Mar 10, 2020
OpenStack Keystone Allows Remote User Account Creation
High
CVE-2012-3542
was published
for
keystone
(pip)
May 17, 2022
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-39659
was published
for
langchain
(pip)
Aug 15, 2023
Keylime registrar and (untrusted) Agent can be bypassed by an attacker
High
CVE-2023-38201
was published
for
keylime
(pip)
Sep 6, 2023
OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context
High
CVE-2020-12689
was published
for
keystone
(pip)
May 24, 2022
OpenStack Keystone does not check signature TTL of the EC2 credential auth method
Moderate
CVE-2020-12692
was published
for
keystone
(pip)
May 24, 2022
Kotti CSRF in the local roles implementation
High
CVE-2018-9856
was published
for
Kotti
(pip)
Jul 12, 2018
Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module
High
CVE-2022-36551
was published
for
label-studio
(pip)
Oct 4, 2022
OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials
High
CVE-2015-7546
was published
for
keystone
(pip)
May 13, 2022
OpenStack Keystone Credential Leakage
High
CVE-2019-19687
was published
for
keystone
(pip)
May 24, 2022
Jupyter Notebook file bypasses sanitization, executes JavaScript
High
CVE-2018-8768
was published
for
notebook
(pip)
Jul 12, 2018
Jupyter Notebook XSS via untrusted notebooks
Moderate
CVE-2018-19351
was published
for
notebook
(pip)
Nov 21, 2018
Moderate severity vulnerability that affects moin
Moderate
CVE-2017-5934
was published
for
moin
(pip)
Jan 4, 2019
Jupyter Notebook XSS via directory name
Moderate
CVE-2018-19352
was published
for
notebook
(pip)
Nov 21, 2018
MoinMoin Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2016-7146
was published
for
moin
(pip)
May 17, 2022
Koji hub call does not perform correct access checks
Critical
CVE-2018-1002150
was published
for
koji
(pip)
Jul 12, 2018
koji hub allows arbitrary upload destinations
High
CVE-2019-17109
was published
for
koji
(pip)
May 24, 2022
Incorrect Default Permissions in keyring
High
CVE-2012-5577
was published
for
keyring
(pip)
Mar 11, 2020
Insufficient Session Expiration in OpenStack Keystone
High
CVE-2020-12690
was published
for
keystone
(pip)
Jun 9, 2021
Improper Restriction of XML External Entity Reference in ladon
Critical
CVE-2019-1010268
was published
for
ladon
(pip)
Jul 26, 2019
langchain SQL Injection vulnerability
High
CVE-2023-36189
was published
for
langchain
(pip)
Jul 6, 2023
ProTip!
Advisories are also available from the
GraphQL API