GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,002 advisories
Filter by severity
Use of insecure temporary file in Horovod
High
CVE-2022-0315
was published
for
horovod
(pip)
Mar 29, 2022
Regular Expression Denial of Service in Leo Editor
High
CVE-2020-23478
was published
for
leo
(pip)
Sep 23, 2021
Improper Removal of Sensitive Information Before Storage or Transfer in irrd
High
CVE-2022-24798
was published
for
irrd
(pip)
Apr 1, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs
High
CVE-2022-24758
was published
for
notebook
(pip)
Apr 5, 2022
Ansible is vulnerable to an improper input validation in Ansible's handling of data sent from client systems
High
CVE-2016-9587
was published
for
ansible
(pip)
Oct 10, 2018
Files on the host computer can be accessed from the Gradio interface
High
CVE-2021-43831
was published
for
gradio
(pip)
Jan 21, 2022
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
High
CVE-2021-4118
was published
for
pytorch-lightning
(pip)
Jan 6, 2022
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
High
CVE-2021-32839
was published
for
sqlparse
(pip)
Sep 10, 2021
Improper Access Control in MySQL Connector Python
High
CVE-2019-2435
was published
for
mysql-connector-python
(pip)
May 13, 2022
Improper Authentication in django-mfa3
High
CVE-2022-24857
was published
for
django-mfa3
(pip)
Apr 22, 2022
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
High
CVE-2022-24770
was published
for
gradio
(pip)
Mar 18, 2022
rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames
High
CVE-2022-3167
was published
for
rdiffweb
(pip)
Sep 9, 2022
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS)
High
CVE-2022-37189
was published
for
mei2volpiano
(pip)
Sep 8, 2022
Incorrect Default Permissions in Supervisor
High
CVE-2017-11610
was published
for
supervisor
(pip)
May 13, 2022
Inconsistent Interpretation of HTTP Requests in Waitress
High
CVE-2019-16792
was published
for
waitress
(pip)
May 24, 2022
Inconsistent Interpretation of HTTP Requests in twisted.web
High
CVE-2022-24801
was published
for
twisted
(pip)
Apr 4, 2022
rdiffweb 2.4.1 contains Weak Password Requirements
High
CVE-2022-3179
was published
for
rdiffweb
(pip)
Sep 14, 2022
rdiffweb 2.4.1 vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
High
CVE-2022-3174
was published
for
rdiffweb
(pip)
Sep 14, 2022
Key confusion through non-blocklisted public key formats
High
CVE-2022-29217
was published
for
pyjwt
(pip)
May 24, 2022
Cookie and header exposure in twisted
High
CVE-2022-21712
was published
for
twisted
(pip)
Feb 7, 2022
ProTip!
Advisories are also available from the
GraphQL API