GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,467 advisories
Modoboa has Weak Password Requirements
Moderate
CVE-2023-2160 was published for modoboa (pip) Apr 18, 2023
MoinMoin Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2009-1482 was published for moin (pip) May 2, 2022
Denial of service attack via push rule patterns in matrix-synapse
Moderate
CVE-2021-29471 was published for matrix-synapse (pip) May 13, 2021
SSRF in Sydent due to missing validation of hostnames
Moderate
CVE-2021-29431 was published for matrix-sydent (pip) Apr 19, 2021
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
Moderate
CVE-2021-21393 was published for matrix-synapse (pip) Apr 13, 2021
HTML injection in email and account expiry notifications
Moderate
CVE-2021-21333 was published for matrix-synapse (pip) Mar 26, 2021
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Moderate
CVE-2023-32683 was published for matrix-synapse (pip) Jun 6, 2023
mayan-edms Cross-site Scripting vulnerability
Moderate
CVE-2018-16405 was published for mayan-edms (pip) Sep 6, 2018
Cross-site scripting (XSS) vulnerability in the password reset endpoint
Moderate
CVE-2021-21332 was published for matrix-synapse (pip) Mar 26, 2021
Denial of service attack via .well-known lookups
Moderate
CVE-2021-21274 was published for matrix-synapse (pip) Mar 1, 2021
loguru vulnerable to improper privilege management
Moderate
CVE-2022-0338 was published for loguru (pip) Jan 26, 2022
lxml vulnerable to Cross-site Scripting
Moderate
CVE-2020-27783 was published for lxml (pip) Jan 7, 2021
lxml NULL Pointer Dereference allows attackers to cause a denial of service
Moderate
CVE-2022-2309 was published for lxml (pip) Jul 6, 2022
Improper Neutralization of Input During Web Page Generation in LXML
Moderate
CVE-2018-19787 was published for lxml (pip) May 13, 2022
Mako contains Cross-site Scripting vulnerability
Moderate
CVE-2010-2480 was published for mako (pip) May 17, 2022
mangadex-downloader vulnerable to unauthorized file reading
Moderate
CVE-2022-36082 was published for mangadex-downloader (pip) Sep 16, 2022
lxml Cross-site Scripting Via Control Characters
Moderate
CVE-2014-3146 was published for lxml (pip) May 14, 2022
markdown2 is vulnerable to cross-site scripting
Moderate
CVE-2018-5773 was published for markdown2 (pip) Jul 12, 2018
Cross-site scripting in markdown2 for python
Moderate
CVE-2009-3724 was published for markdown2 (pip) Apr 21, 2022
lxml vulnerable to Cross-Site Scripting
Moderate
CVE-2021-28957 was published for lxml (pip) Mar 22, 2021
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through
Moderate
CVE-2021-43818 was published for lxml (pip) Dec 13, 2021
Creation of Temporary File With Insecure Permissions in logilab-commons
Moderate
CVE-2014-1839 was published for logilab-common (pip) May 14, 2022
Lin-CMS-Flask Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2020-18699 was published for lin-cms (pip) May 24, 2022
Locust Stored Cross-site Scripting Vulnerability
Moderate
CVE-2020-28364 was published for locust (pip) May 24, 2022