GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,002 advisories

PyWebDAV SQL Injection vulnerability High
CVE-2011-0432 was published for pywebdav (pip) May 17, 2022
cocagne pysrp vulnerable to side channel leaks High
CVE-2021-4286 was published for srp (pip) Dec 27, 2022
nautobot has reflected Cross-site Scripting potential in all object list views High
CVE-2024-32979 was published for nautobot (pip) May 1, 2024
michaelpanorios
SaltStack MITM SSH attack in salt-ssh High
CVE-2013-4436 was published for salt (pip) May 17, 2022
sqlparse parsing heavily nested list leads to Denial of Service High
CVE-2024-4340 was published for sqlparse (pip) Apr 15, 2024
uriyay-jfrog
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service High
GHSA-62qf-jcq8-8gxw was published for sqlparse (pip) Apr 30, 2024 withdrawn
Plone Privilege Escalation Vulnerability High
CVE-2011-0720 was published for Plone (pip) May 17, 2022
Tryton Directory Traversal vulnerability High
CVE-2013-4510 was published for trytond (pip) May 17, 2022
Plone vulnerable to cross-site request forgery High
CVE-2015-7293 was published for Plone (pip) May 17, 2022
SaltStack Privilege Escalation vulnerability High
CVE-2013-6617 was published for salt (pip) May 17, 2022
Trac vulnerable to denial of service High
CVE-2008-5646 was published for Trac (pip) May 17, 2022
Dulwich Arbitrary code execution via commit with directory path starting with .git High
CVE-2014-9706 was published for dulwich (pip) May 17, 2022
OpenStack TripleO Heat templates spoof metadata requests High
CVE-2015-5303 was published for tripleo-heat-templates (pip) May 17, 2022
SQLAlchemy vulnerable to SQL injection High
CVE-2012-0805 was published for SQLAlchemy (pip) May 14, 2022
Plone vulnerable to privilege escalation in WebDAV High
CVE-2016-4041 was published for Plone (pip) May 17, 2022
flask-oidc Open Redirect vulnerability High
CVE-2016-1000001 was published for flask-oidc (pip) May 17, 2022
Lemur uses static IV per key High
CVE-2015-7764 was published for lemur (pip) May 13, 2022
openstack-mistral Discloses the presence of arbitrary files within the filesystem High
CVE-2018-16849 was published for mistral (pip) May 13, 2022
MoinMoin Improper Access Control vulnerability High
CVE-2009-4762 was published for moin (pip) May 2, 2022
Trac is vulnerable to improper policy checks and missing 'raw' role check in docutils High
CVE-2009-4405 was published for trac (pip) May 2, 2022
Trac missing Content-Disposition HTTP header High
CVE-2007-1406 was published for trac (pip) May 1, 2022
Edgewall Trac Cross-site request forgery (CSRF) vulnerability High
CVE-2006-5878 was published for trac (pip) May 1, 2022
Borg Improper Access Control vulnerability High
CVE-2017-15914 was published for borgbackup (pip) May 13, 2022
MoinMoin improper sanitizes user profiles High
CVE-2010-0669 was published for moin (pip) May 2, 2022
MoinMoin has improper default configuration High
CVE-2010-0717 was published for moin (pip) May 2, 2022