GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
7,059 advisories
Filter by severity
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set
High
CVE-2010-0667
was published
for
moin
(pip)
May 2, 2022
Mercurial vulnerable to arbitrary code execution when converting Git repos
High
CVE-2016-3105
was published
for
mercurial
(pip)
May 17, 2022
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
High
CVE-2019-11842
was published
for
matrix-sydent
(pip)
May 24, 2022
Denial of service attack due to invalid JSON
High
CVE-2020-26890
was published
for
matrix-synapse
(pip)
Nov 24, 2020
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
High
CVE-2022-31052
was published
for
matrix-synapse
(pip)
Jun 29, 2022
Open redirect via transitional IPv6 addresses on dual-stack networks
High
CVE-2021-21392
was published
for
matrix-synapse
(pip)
Apr 13, 2021
Denial of service due to incorrect application of event authorization rules
High
CVE-2022-31152
was published
for
matrix-synapse
(pip)
Aug 31, 2022
Synapse Denial of service due to incorrect application of event authorization rules during state resolution
High
CVE-2022-39374
was published
for
matrix-synapse
(pip)
May 24, 2023
markdown-it-py Denial of Service vulnerability
High
CVE-2023-26303
was published
for
markdown-it-py
(pip)
Feb 23, 2023
markdown2 Regular Expression Denial of Service
High
CVE-2021-26813
was published
for
markdown2
(pip)
Jun 2, 2021
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
High
CVE-2024-47532
was published
for
RestrictedPython
(pip)
Sep 30, 2024
basic-auth-connect's callback uses time unsafe string comparison
High
CVE-2024-47178
was published
for
basic-auth-connect
(npm)
Sep 30, 2024
Undertow Denial of Service vulnerability
High
CVE-2024-5971
was published
for
io.undertow:undertow-core
(Maven)
Jul 8, 2024
Lemur subject to insecure random generation
High
CVE-2023-30797
was published
for
lemur
(pip)
Mar 1, 2023
Duplicate Advisory: Lemur subject to insecure random generation
High
GHSA-r4xg-4wrv-w72h
was published
for
lemur
(pip)
Apr 19, 2023
•
withdrawn
mako is vulnerable to Regular Expression Denial of Service
High
CVE-2022-40023
was published
for
mako
(pip)
Sep 16, 2022
mat2 before 0.13.0 allows directory traversal during the ZIP archive cleaning process.
High
CVE-2022-35410
was published
for
mat2
(pip)
Jul 12, 2022
markdown-it-py Denial of Service vulnerability in the command line interface
High
CVE-2023-26302
was published
for
markdown-it-py
(pip)
Feb 23, 2023
Cross-Site Request Forgery (CSRF) in Luigi
High
CVE-2018-1000843
was published
for
luigi
(pip)
Dec 20, 2018
OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
High
CVE-2020-9543
was published
for
manila
(pip)
May 24, 2022
Mailman Core vulnerable to timing attacks
High
CVE-2021-34337
was published
for
mailman
(pip)
Apr 15, 2023
Improper Link Resolution Before File Access in logilab-commons
High
CVE-2014-1838
was published
for
logilab-common
(pip)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API