GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
249,130 advisories
A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed...
High, Unreviewed. CVE-2023-0971 was published on Jun 21, 2023.

Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault...
Moderate, Unreviewed. CVE-2023-5138 was published on Jan 4, 2024.

koji hub allows arbitrary upload destinations
High. CVE-2019-17109 was published for koji (pip) on May 24, 2022.

Incorrect Default Permissions in keyring
High. CVE-2012-5577 was published for keyring (pip) on Mar 11, 2020.

Insufficient Session Expiration in OpenStack Keystone
High. CVE-2020-12690 was published for keystone (pip) on Jun 9, 2021.

Improper Restriction of XML External Entity Reference in ladon
Critical. CVE-2019-1010268 was published for ladon (pip) on Jul 26, 2019.

langchain SQL Injection vulnerability
High. CVE-2023-36189 was published for langchain (pip) on Jul 6, 2023.

OpenStack keystonemiddleware does not verify certificate
High. CVE-2014-7144 was published for keystonemiddleware (pip) on May 17, 2022.

Airbnb Knowledge Repo XSS In Comments
Moderate. CVE-2018-12104 was published for knowledge-repo (pip) on May 14, 2022.

OpenStack Keystone Insufficient token expiration
High. CVE-2012-5563 was published for keystone (pip) on May 17, 2022.

OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks
High. CVE-2015-1852 was published for keystonemiddleware (pip) on May 17, 2022.

langchain Code Injection vulnerability
Critical. CVE-2023-36095 was published for langchain (pip) on Aug 5, 2023.

OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
High. CVE-2020-12691 was published for keystone (pip) on May 24, 2022.

LangChain vulnerable to arbitrary code execution
Critical. CVE-2023-38860 was published for langchain (pip) on Aug 15, 2023.

Python Keyring does not securely initialize encryption cipher
High. CVE-2012-4571 was published for keyring (pip) on May 17, 2022.

Execution with Unnecessary Privileges in ipython
High. CVE-2022-21699 was published for ipython (pip) on Jan 21, 2022.

Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
High. CVE-2023-5077 was published for github.com/hashicorp/vault (Go) on Sep 29, 2023.

Mautic vulnerable to XSS in contact/company tracking (no authentication)
Moderate. CVE-2024-47050 was published for mautic/core (Composer) on Sep 18, 2024.

Mautic has an XSS in contact tracking and page hits report
Moderate. CVE-2021-27917 was published for mautic/core (Composer) on Sep 18, 2024.

Openstack ironic-inspector has SQL injection vulnerability in node_cache
High. CVE-2019-10141 was published for ironic-inspector (pip) on May 24, 2022.

python-kerberos vulnerable to KDC spoofing attacks
Critical. CVE-2015-3206 was published for kerberos (pip) on May 14, 2022.

json2xml Uncaught Exception vulnerability
High. CVE-2022-25024 was published for json2xml (pip) on Aug 23, 2023.

Kallithea cross-site request forgery (CSRF) vulnerability
High. CVE-2015-0276 was published for Kallithea (pip) on May 13, 2022.

Kallithea cross-site scripting (XSS) vulnerability
Moderate. CVE-2015-1864 was published for Kallithea (pip) on May 13, 2022.

Kallithea CRLF injection vulnerability
High. CVE-2015-5285 was published for kallithea (pip) on May 13, 2022.