GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Arbitrary code using "crafted image file" approach affecting Pillow
High
CVE-2016-9190
was published
for
Pillow
(pip)
Jul 12, 2018
Improper Access Control in MySQL Connector Python
High
CVE-2019-2435
was published
for
mysql-connector-python
(pip)
May 13, 2022
Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution
High
CVE-2022-36024
was published
for
py-cord
(pip)
Aug 18, 2022
Improper Access Control in pyftpdlib
High
CVE-2009-5012
was published
for
pyftpdlib
(pip)
May 2, 2022
Improper Input Validation in sopel-plugins.channelmgnt
High
CVE-2021-21431
was published
for
sopel-plugins.channelmgnt
(pip)
Apr 9, 2021
Plone Improper Access Control Vulnerability
High
CVE-2013-4197
was published
for
plone
(pip)
May 17, 2022
Zope does not properly restrict access to the getRoles method
High
CVE-2000-0725
was published
for
zope
(pip)
Apr 30, 2022
Privilege escalation via ApiTokensEndpoint
High
CVE-2023-39349
was published
for
sentry
(pip)
Aug 8, 2023
pyload Unauthenticated Flask Configuration Leakage vulnerability
High
CVE-2024-21644
was published
for
pyload-ng
(pip)
Jan 8, 2024
Zope does not properly verify the access for objects with proxy roles
High
CVE-2002-0170
was published
for
zope
(pip)
Apr 30, 2022
MoinMoin Improper Access Control vulnerability
High
CVE-2009-4762
was published
for
moin
(pip)
May 2, 2022
Authlib has algorithm confusion with asymmetric public keys
High
CVE-2024-37568
was published
for
authlib
(pip)
Jun 9, 2024
Borg Improper Access Control vulnerability
High
CVE-2017-15914
was published
for
borgbackup
(pip)
May 13, 2022
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default
High
CVE-2024-6221
was published
for
Flask-Cors
(pip)
Aug 18, 2024
Improper Access Control in novajoin
High
CVE-2019-10138
was published
for
novajoin
(pip)
Mar 12, 2020
OpenStack Keystone Allows Remote User Account Creation
High
CVE-2012-3542
was published
for
keystone
(pip)
May 17, 2022
Mercurial vulnerable to arbitrary code execution when converting Git repos
High
CVE-2016-3105
was published
for
mercurial
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API