GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
233 advisories
Ansible-Core vulnerable to content protections bypass
Severity: Low | CVE-2024-11079 was published for ansible-core (pip) | Nov 12, 2024

sigstore has insufficient validation of integration timestamp during verification
Severity: Low | CVE-2024-55655 was published for sigstore (pip) | Dec 11, 2024

Synapse allows a malformed invite to break the invitee's `/sync`
Severity: High | CVE-2024-52815 was published for matrix-synapse (pip) | Dec 3, 2024

Improper Input Validation in Twisted
Severity: Critical | CVE-2020-10108 was published for Twisted (pip) | Mar 31, 2020

Improper Input Validation in mindsdb
Severity: Moderate | CVE-2023-49796 was published for mindsdb (pip) | Dec 12, 2023

OpenStack Nova Scheduler denial of service through scheduler_hints
Severity: Low | CVE-2012-3371 was published for Nova (pip) | May 17, 2022

OpenStack Compute (Nova) Improper Input Validation
Severity: Moderate | CVE-2012-2654 was published for nova (pip) | May 17, 2022

django Filer Unrestricted Upload of File with Dangerous Type
Severity: Moderate | CVE-2024-11404 was published for django-filer (pip) | Nov 20, 2024

Apache Airflow Drill Provider vulnerable to improper input validation
Severity: High | CVE-2023-28707 was published for apache-airflow-providers-apache-drill (pip) | Apr 7, 2023

apache-airflow-providers-apache-drill Improper Input Validation vulnerability
Severity: High | CVE-2023-39553 was published for apache-airflow-providers-apache-drill (pip) | Aug 11, 2023

Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Severity: Low | CVE-2023-23934 was published for Werkzeug (pip) | Feb 15, 2023

Tweepy does not verify SSL Certificate
Severity: Moderate | CVE-2012-5825 was published for tweepy (pip) | May 17, 2022

Tornado CRLF injection vulnerability
Severity: High | CVE-2012-2374 was published for tornado (pip) | May 17, 2022

Transifex command-line client has improper certificate validation
Severity: High | CVE-2013-7110 was published for transifex-client (pip) | May 17, 2022

Apache Airflow Improper Input Validation vulnerability
Severity: High | CVE-2023-36543 was published for apache-airflow (pip) | Jul 12, 2023

Apache Airflow Improper Input Validation vulnerability
Severity: High | CVE-2023-22888 was published for apache-airflow (pip) | Jul 12, 2023

GitPython vulnerable to Remote Code Execution due to improper user input validation
Severity: Critical | CVE-2022-24439 was published for GitPython (pip) | Dec 6, 2022

CairoSVG improperly processes SVG files loaded from external resources
Severity: High | CVE-2023-27586 was published for CairoSVG (pip) | Mar 20, 2023

Ansible password prompts could expose passwords
Severity: High | CVE-2019-10206 was published for ansible (pip) | May 24, 2022

Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible
Severity: High | CVE-2019-14905 was published for ansible (pip) | Apr 20, 2021

Ansible is vulnerable to an improper input validation in Ansible's handling of data sent from client systems
Severity: Critical | CVE-2016-9587 was published for ansible (pip) | Oct 10, 2018

Improper query string handling in Django
Severity: High | CVE-2010-4534 was published for Django (pip) | Jul 23, 2018