GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
100 advisories
Filter by severity
Synapse allows a a malformed invite to break the invitee's `/sync`
High
CVE-2024-52815
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Mesop has a local file Inclusion via static file serving functionality
High
CVE-2024-45601
was published
for
mesop
(pip)
Sep 18, 2024
Weave server API vulnerable to arbitrary file leak
High
CVE-2024-7340
was published
for
weave
(pip)
Jul 31, 2024
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
High
CVE-2024-26164
was published
for
mssql-django
(pip)
Mar 12, 2024
Potentially untrusted input is rendered as HTML in final output
High
CVE-2024-26151
was published
for
mjml
(pip)
Feb 22, 2024
Apache Avro Java SDK vulnerable to Improper Input Validation
High
CVE-2023-39410
was published
for
avro
(Maven)
Sep 29, 2023
Airflow Sqoop Provider RCE Vulnerability
High
CVE-2023-27604
was published
for
apache-airflow-providers-apache-sqoop
(pip)
Aug 28, 2023
Apache Airflow Spark Provider Improper Input Validation vulnerability
High
CVE-2023-40272
was published
for
apache-airflow-providers-apache-spark
(pip)
Aug 17, 2023
apache-airflow-providers-apache-drill Improper Input Validation vulnerability
High
CVE-2023-39553
was published
for
apache-airflow-providers-apache-drill
(pip)
Aug 11, 2023
Apache Airflow Apache Hive Provider Improper Input Validation vulnerability
High
CVE-2023-37415
was published
for
apache-airflow-providers-apache-hive
(pip)
Jul 13, 2023
Apache Airflow Improper Input Validation vulnerability
High
CVE-2023-36543
was published
for
apache-airflow
(pip)
Jul 12, 2023
Apache Airflow Improper Input Validation vulnerability
High
CVE-2023-22888
was published
for
apache-airflow
(pip)
Jul 12, 2023
MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
High
CVE-2023-34457
was published
for
MechanicalSoup
(pip)
Jul 5, 2023
Apache Airflow JDBC Provider Improper Input Validation vulnerability
High
CVE-2023-22886
was published
for
apache-airflow-providers-jdbc
(pip)
Jun 29, 2023
Apache Airflow Spark Provider vulnerable to improper input validation
High
CVE-2023-28710
was published
for
apache-airflow-providers-apache-spark
(pip)
Apr 7, 2023
Apache Airflow Drill Provider vulnerable to improper input validation
High
CVE-2023-28707
was published
for
apache-airflow-providers-apache-drill
(pip)
Apr 7, 2023
CairoSVG improperly processes SVG files loaded from external resources
High
CVE-2023-27586
was published
for
CairoSVG
(pip)
Mar 20, 2023
Apache Airflow Google Provider Improper Input Validation vulnerability
High
CVE-2023-25692
was published
for
apache-airflow-providers-google
(pip)
Feb 24, 2023
WASM3 Improper Input Validation vulnerability
High
CVE-2022-39974
was published
for
pywasm3
(pip)
Sep 21, 2022
ansible-runner vulnerable to shell command injection
High
CVE-2021-4041
was published
for
ansible-runner
(pip)
Aug 25, 2022
ProTip!
Advisories are also available from the
GraphQL API