GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (all reviewed: 5,000+), by ecosystem:
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories (all unreviewed: 5,000+)
1,002 advisories
Kallithea cross-site request forgery (CSRF) vulnerability
High: CVE-2015-0276 was published for Kallithea (pip), May 13, 2022

OpenStack Nova-LXD bypass security restrictions
High: CVE-2017-5936 was published for nova-lxd (pip), May 13, 2022

SaltStack RSA Key Generation allows remote users to decrypt communications
High: CVE-2013-2228 was published for salt (pip), May 5, 2022

Django Information leakage in AuthenticationForm
High: CVE-2018-6188 was published for django (pip), Oct 3, 2018

Litestar and Starlite vulnerable to Path Traversal
High: CVE-2024-32982 was published for litestar (pip), May 6, 2024

Arbitrary HTML present after sanitization because of unicode normalization
High: CVE-2024-34078 was published for html-sanitizer (pip), May 6, 2024

sagemaker-python-sdk Command Injection vulnerability
High: CVE-2024-34073 was published for sagemaker (pip), May 3, 2024

sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
High: CVE-2024-34072 was published for sagemaker (pip), May 3, 2024

aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
High: CVE-2024-30251 was published for aiohttp (pip), May 3, 2024

fonttools XML External Entity Injection (XXE) Vulnerability
High: CVE-2023-45139 was published for fonttools (pip), Jan 9, 2024

OpenStack Storlets arbitrary code execution vulnerability
High: CVE-2024-28717 was published for storlets (pip), Apr 22, 2024

SaltStack Salt Improper SSL Certificate Validation
High: CVE-2020-35662 was published for salt (pip), May 24, 2022

Django Denial-of-service in django.utils.text.Truncator
High: CVE-2019-14232 was published for django (pip), Aug 6, 2019

Mercurial vulnerable to arbitrary code execution when converting Git repos
High: CVE-2016-3105 was published for mercurial (pip), May 17, 2022

Mercurial Improper Input Validation vulnerability
High: CVE-2018-13348 was published for mercurial (pip), May 13, 2022

Mercurial Improper Input Validation vulnerability
High: CVE-2018-13346 was published for mercurial (pip), May 13, 2022

Mercurial missing symlink check
High: CVE-2017-1000115 was published for mercurial (pip), May 14, 2022

Mercurial vulnerable to arbitrary code execution via a crafted name when converting a Git repository
High: CVE-2016-3069 was published for mercurial (pip), May 14, 2022

Mercurial arbitrary code execution vulnerability
High: CVE-2016-3630 was published for mercurial (pip), May 14, 2022

Mercurial arbitrary code execution via a crafted git ext:: URL
High: CVE-2016-3068 was published for mercurial (pip), May 14, 2022

Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command
High: CVE-2014-9462 was published for mercurial (pip), May 14, 2022
ProTip! Advisories are also available from the GraphQL API.