GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,081
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,642
NuGet: 638
pip: 3,258
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
249,130 advisories
Keylime registrar and (untrusted) Agent can be bypassed by an attacker
High | CVE-2023-38201 was published for keylime (pip) | Sep 6, 2023

OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context
High | CVE-2020-12689 was published for keystone (pip) | May 24, 2022

OpenStack Keystone does not check signature TTL of the EC2 credential auth method
Moderate | CVE-2020-12692 was published for keystone (pip) | May 24, 2022

Kotti CSRF in the local roles implementation
High | CVE-2018-9856 was published for Kotti (pip) | Jul 12, 2018

Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module
High | CVE-2022-36551 was published for label-studio (pip) | Oct 4, 2022

OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials
High | CVE-2015-7546 was published for keystone (pip) | May 13, 2022

Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Critical | CVE-2024-47186 was published for filament/infolists (Composer) | Sep 27, 2024

OpenStack Keystone Credential Leakage
High | CVE-2019-19687 was published for keystone (pip) | May 24, 2022

Jupyter Notebook file bypasses sanitization, executes JavaScript
High | CVE-2018-8768 was published for notebook (pip) | Jul 12, 2018

Jupyter Notebook XSS via untrusted notebooks
Moderate | CVE-2018-19351 was published for notebook (pip) | Nov 21, 2018

Moderate severity vulnerability that affects moin
Moderate | CVE-2017-5934 was published for moin (pip) | Jan 4, 2019

Jupyter Notebook XSS via directory name
Moderate | CVE-2018-19352 was published for notebook (pip) | Nov 21, 2018

MoinMoin Cross-site Scripting (XSS) vulnerability
Moderate | CVE-2016-7146 was published for moin (pip) | May 17, 2022

Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
Moderate | CVE-2024-47058 was published for mautic/core (Composer) | Sep 18, 2024

powermail TYPO3 extension has Insecure Direct Object Reference
Moderate | CVE-2024-47047 was published for in2code/powermail (Composer) | Sep 17, 2024

czim/file-handling vulnerable to SSRF and directory traversal
Moderate | CVE-2024-47049 was published for czim/file-handling (Composer) | Sep 17, 2024

Koji hub call does not perform correct access checks
Critical | CVE-2018-1002150 was published for koji (pip) | Jul 12, 2018

SQL Injection in Apache InLong
High | CVE-2023-43667 was published for org.apache.inlong:inlong (Maven) | Oct 16, 2023

Cross-site scripting (XSS) in the clipboard package
Moderate | CVE-2024-45613 was published for @ckeditor/ckeditor5-clipboard (npm) | Sep 25, 2024

Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain...
High | Unreviewed | CVE-2024-40509 was published | Sep 27, 2024

iRedAdmin before 2.6 allows XSS, e.g., via order_name.
Moderate | Unreviewed | CVE-2024-47227 was published | Sep 23, 2024

The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in...
Moderate | Unreviewed | CVE-2023-2747 was published | Jun 15, 2023

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an...
Moderate | Unreviewed | CVE-2024-7711 was published | Aug 20, 2024

The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2024-7629 was published | Aug 21, 2024

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate | Unreviewed | CVE-2024-6337 was published | Aug 20, 2024
ProTip! Advisories are also available from the GraphQL API.