GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
1,002 advisories
PyWebDAV SQL Injection vulnerability (High): CVE-2011-0432 was published for pywebdav (pip), May 17, 2022
cocagne pysrp vulnerable to side channel leaks (High): CVE-2021-4286 was published for srp (pip), Dec 27, 2022
nautobot has reflected Cross-site Scripting potential in all object list views (High): CVE-2024-32979 was published for nautobot (pip), May 1, 2024
sqlparse parsing heavily nested list leads to Denial of Service (High): CVE-2024-4340 was published for sqlparse (pip), Apr 15, 2024
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service (High): GHSA-62qf-jcq8-8gxw was published for sqlparse (pip), Apr 30, 2024, withdrawn
Plone Privilege Escalation Vulnerability (High): CVE-2011-0720 was published for Plone (pip), May 17, 2022
Tryton Directory Traversal vulnerability (High): CVE-2013-4510 was published for trytond (pip), May 17, 2022
Plone vulnerable to cross-site request forgery (High): CVE-2015-7293 was published for Plone (pip), May 17, 2022
SaltStack Privilege Escalation vulnerability (High): CVE-2013-6617 was published for salt (pip), May 17, 2022
Dulwich Arbitrary code execution via commit with directory path starting with .git (High): CVE-2014-9706 was published for dulwich (pip), May 17, 2022
OpenStack TripleO Heat templates spoof metadata requests (High): CVE-2015-5303 was published for tripleo-heat-templates (pip), May 17, 2022
SQLAlchemy vulnerable to SQL injection (High): CVE-2012-0805 was published for SQLAlchemy (pip), May 14, 2022
Plone vulnerable to privilege escalation in WebDAV (High): CVE-2016-4041 was published for Plone (pip), May 17, 2022
flask-oidc Open Redirect vulnerability (High): CVE-2016-1000001 was published for flask-oidc (pip), May 17, 2022
openstack-mistral Discloses the presence of arbitrary files within the filesystem (High): CVE-2018-16849 was published for mistral (pip), May 13, 2022
MoinMoin Improper Access Control vulnerability (High): CVE-2009-4762 was published for moin (pip), May 2, 2022
Trac is vulnerable to improper policy checks and missing 'raw' role check in docutils (High): CVE-2009-4405 was published for trac (pip), May 2, 2022
Trac missing Content-Disposition HTTP header (High): CVE-2007-1406 was published for trac (pip), May 1, 2022
Edgewall Trac Cross-site request forgery (CSRF) vulnerability (High): CVE-2006-5878 was published for trac (pip), May 1, 2022
Borg Improper Access Control vulnerability (High): CVE-2017-15914 was published for borgbackup (pip), May 13, 2022
MoinMoin improper sanitizes user profiles (High): CVE-2010-0669 was published for moin (pip), May 2, 2022
MoinMoin has improper default configuration (High): CVE-2010-0717 was published for moin (pip), May 2, 2022
ProTip! Advisories are also available from the GraphQL API.