GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,083
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,644
NuGet: 638
pip: 3,260
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
275 advisories
Plone Cross-site scripting Vulnerability [Low]: CVE-2012-5502 was published for plone (pip), May 17, 2022
ceph-deploy uses world-readable permissions on client.admin key [Low]: CVE-2015-4053 was published for ceph-deploy (pip), May 17, 2022
OpenStack Neutron Race condition vulnerability [Low]: CVE-2015-5240 was published for neutron (pip), May 17, 2022
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces [Low]: CVE-2013-4347 was published for oauth2 (pip), May 17, 2022
ceph-deploy allows local users to obtain sensitive information by reading the file [Low]: CVE-2015-3010 was published for ceph-deploy (pip), May 17, 2022
Urllib3 Incorrect Certificate Validation [Low]: CVE-2016-9015 was published for urllib3 (pip), May 17, 2022
Salt uses weak permissions on the cache data [Low]: CVE-2015-8034 was published for salt (pip), May 17, 2022
Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules [Low]: CVE-2012-2101 was published for nova (pip), May 17, 2022
OpenStack Keystone intended authorization restrictions bypass [Low]: CVE-2012-5571 was published for Keystone (pip), May 17, 2022
OpenStack Glance is vulnerable to Exposure of Sensitive Information [Low]: CVE-2013-1840 was published for glance (pip), May 17, 2022
RPLY Predictable Tmpfile Names Allows Cache Spoofing [Low]: CVE-2014-1604 was published for RPLY (pip), May 17, 2022
pyxdg Arbitrary File Overwrite via Race Condition [Low]: CVE-2014-1624 was published for pyxdg (pip), May 17, 2022
python-keystoneclient unsecure user password update [Low]: CVE-2013-2013 was published for python-keystoneclient (pip), May 17, 2022
OpenStack Heat template URL information leakage [Low]: CVE-2014-3801 was published for openstack-heat (pip), May 14, 2022
Libcloud does not properly scrub data when destroying a DigitalOcean node [Low]: CVE-2013-6480 was published for apache-libcloud (pip), May 14, 2022
Ansible uses a socket with predictable filename in /tmp [Low]: CVE-2013-4259 was published for Ansible (pip), May 14, 2022
OpenStack Nova live snapshots use an insecure local directory [Low]: CVE-2013-7048 was published for nova (pip), May 14, 2022
OpenStack Oslo utility sensitive information exposure via log files [Low]: CVE-2014-7231 was published for oslo.utils (pip), May 14, 2022
Improper Link Resolution Before File Access in Suds [Low]: CVE-2013-2217 was published for suds (pip), May 14, 2022
Cloudtoken Insufficiently Protects Credentials [Low]: CVE-2018-13390 was published for cloudtoken (pip), May 13, 2022
MySQL Connectors Privilege Escalation [Low]: CVE-2017-3590 was published for mysql-connector-python (pip), May 13, 2022
OpenStack Horizon Cross-site scripting (XSS) vulnerability [Low]: CVE-2014-3474 was published for horizon (pip), May 13, 2022
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface [Low]: CVE-2014-3594 was published for horizon (pip), May 13, 2022
ProTip! Advisories are also available from the GraphQL API.