
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,444 advisories

Policies not properly enforced in bluemonday Moderate
CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) Oct 19, 2021
Scrapy leaks the authorization header on same-domain but cross-origin redirects Moderate
CVE-2024-1968 was published for Scrapy (pip) May 14, 2024
Szarny
aiosmtpd STARTTLS unencrypted commands injection Moderate
CVE-2024-34083 was published for aiosmtpd (pip) May 20, 2024
Arusekk
Denial-of-service possibility in logout() view by filling session store Moderate
CVE-2015-5964 was published for Django (pip) May 17, 2022
MarkLee131
Cross-site request forgery in Django Moderate
CVE-2011-0696 was published for django (pip) Jul 23, 2018
MarkLee131
Session manipulation in Django Moderate
CVE-2011-4136 was published for django (pip) Jul 23, 2018
MarkLee131
Django Denial of Service Vulnerability in the authentication framework Moderate
CVE-2013-1443 was published for django (pip) May 17, 2022
Code Injection in Django Moderate
CVE-2014-0472 was published for Django (pip) May 17, 2022
MarkLee131
Django Reuses Cached CSRF Token Moderate
CVE-2014-0473 was published for django (pip) May 17, 2022
MarkLee131
MLflow allows low privilege users to delete any artifact Moderate
CVE-2024-4263 was published for mlflow (pip) May 16, 2024
Django database denial-of-service with ModelMultipleChoiceField Moderate
CVE-2015-0222 was published for Django (pip) May 17, 2022
MarkLee131
OpenStack Glance Bypass the storage quota and Denial of service Moderate
CVE-2014-9623 was published for glance (pip) May 17, 2022
OpenStack Glance Denial of service by creating a large number of images Moderate
CVE-2014-9684 was published for glance (pip) May 17, 2022
OpenStack Glance Denial of service by creating a large number of images Moderate
CVE-2015-1881 was published for glance (pip) May 17, 2022
OpenStack Glance improper validation of the image_size_cap configuration option Moderate
CVE-2014-5356 was published for glance (pip) May 17, 2022
OpenStack Glance v2 API unrestricted path traversal through filesystem:// scheme Moderate
CVE-2015-1195 was published for glance (pip) May 14, 2022
OpenStack Swift Unauthorized delete of versioned Swift object Moderate
CVE-2015-1856 was published for swift (pip) May 14, 2022
OpenStack Swift metadata constraints are not correctly enforced Moderate
CVE-2014-7960 was published for swift (pip) May 17, 2022
OpenStack Swift allows authenticated users to cause a denial of service Moderate
CVE-2013-4155 was published for swift (pip) May 17, 2022
OpenStack Swift XML external entities (XXE) Injection Moderate
CVE-2022-47950 was published for swift (pip) Jan 18, 2023
OpenStack Horizon Cross-site Scripting (XSS) Moderate
CVE-2017-7400 was published for horizon (pip) May 14, 2022
OpenStack Nova Directory traversal vulnerability Moderate
CVE-2012-3360 was published for nova (pip) May 17, 2022
OpenStack Nova Arbitrary file injection/corruption through directory traversal issues Moderate
CVE-2012-3361 was published for nova (pip) May 17, 2022
OpenStack Nova Information leak in libvirt LVM-backed instances Moderate
CVE-2012-5625 was published for nova (pip) May 17, 2022
OpenStack Compute Nova Improper Access Control Moderate
CVE-2013-4497 was published for nova (pip) May 17, 2022