GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
365 advisories
Filter by severity
Server-Side Request Forgery in calibreweb
Critical
CVE-2022-0767
was published
for
calibreweb
(pip)
Mar 8, 2022
Duplicate Advisory: Incorrect Authorization in Gerapy
Critical
CVE-2021-44597
was published
for
gerapy
(pip)
Mar 11, 2022
•
withdrawn
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
Critical
GHSA-32gv-6cf3-wcmq
was published
for
twisted
(pip)
Mar 14, 2022
Insufficient Protection against HTTP Request Smuggling in mitmproxy
Critical
CVE-2022-24766
was published
for
mitmproxy
(pip)
Mar 22, 2022
Poetry before v1.1.9 contains Untrusted Search Path
Critical
CVE-2022-26184
was published
for
poetry
(pip)
Mar 23, 2022
Use of Externally-Controlled Format String in consoleme
Critical
CVE-2022-27177
was published
for
consoleme
(pip)
Apr 3, 2022
SQL injection in apache-superset
Critical
CVE-2022-27479
was published
for
apache-superset
(pip)
Apr 14, 2022
Improper Input Validation in httpx
Critical
CVE-2021-41945
was published
for
httpx
(pip)
Apr 29, 2022
ReviewBoard and Djblets library are vulnerable to code execution
Critical
CVE-2013-4409
was published
for
ReviewBoard
(pip)
May 5, 2022
Tenant and Verifier might not use the same registrar data
Critical
CVE-2022-1053
was published
for
keylime
(pip)
May 5, 2022
Argument injection in python-libnmap
Critical
CVE-2022-30284
was published
for
python-libnmap
(pip)
May 6, 2022
Code-execution backdoor in marcador
Critical
CVE-2022-28470
was published
for
marcador
(pip)
May 9, 2022
Ansible Insertion of Sensitive Information into Log File vulnerability
Critical
CVE-2017-7550
was published
for
ansible
(pip)
May 13, 2022
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10
Critical
CVE-2019-10844
was published
for
nnabla
(pip)
May 13, 2022
SaltStack Salt Remote command execution and incorrect access control when using salt-api
Critical
CVE-2018-15751
was published
for
salt
(pip)
May 13, 2022
Mercurial Incorrect Access Control vulnerability
Critical
CVE-2018-1000132
was published
for
mercurial
(pip)
May 13, 2022
Mercurial mishandles integer addition and subtraction
Critical
CVE-2018-13347
was published
for
mercurial
(pip)
May 13, 2022
Mercurial vulnerable to arbitrary code injection
Critical
CVE-2017-17458
was published
for
mercurial
(pip)
May 13, 2022
Mercurial is vulnerable to shell injection attack
Critical
CVE-2017-1000116
was published
for
mercurial
(pip)
May 13, 2022
Unsafe pyyaml load usage in PyAnyAPI
Critical
CVE-2017-16616
was published
for
pyanyapi
(pip)
May 13, 2022
SaltStack Salt allows compromised salt-minions to impersonate the salt-master
Critical
CVE-2017-7893
was published
for
salt
(pip)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API