
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

282 advisories

matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes Low
CVE-2023-41335 was published for matrix-synapse (pip) Sep 26, 2023
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait Low
GHSA-hc5c-r8m5-2gfh was published for plone.restapi (pip) Sep 21, 2023
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-41048 was published for plone.namedfile (pip) Sep 21, 2023
Vulnerable OpenSSL included in cryptography wheels Low
GHSA-v8gr-m533-ghj9 was published for cryptography (pip) Sep 21, 2023
Zope vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-42458 was published for Zope (pip) Sep 21, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes Low
CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it Low
CVE-2023-41057 was published for hyper-bump-it (pip) Sep 4, 2023
pyca/cryptography's wheels include vulnerable OpenSSL Low
GHSA-jm77-qphf-c4w8 was published for cryptography (pip) Aug 1, 2023
Fides Webserver Vulnerable to SVG Bomb File Uploads Low
CVE-2023-37481 was published for ethyca-fides (pip) Jul 18, 2023
Fides Webserver Vulnerable to Zip Bomb File Uploads Low
CVE-2023-37480 was published for ethyca-fides (pip) Jul 18, 2023
SafeURL-Python's hostname blocklist does not block FQDNs Low
GHSA-373w-rj84-pv6x was published for SafeURL-Python (pip) Jun 29, 2023
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error Low
CVE-2023-34110 was published for Flask-AppBuilder (pip) Jun 22, 2023
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews Low
CVE-2023-32683 was published for matrix-synapse (pip) Jun 6, 2023
Vulnerable OpenSSL included in cryptography wheels Low
GHSA-5cpq-8wj7-hf2v was published for cryptography (pip) Jun 2, 2023
MindSpore vulnerable to memory corruption Low
CVE-2023-2970 was published for mindspore (pip) May 30, 2023
Vyper's nonpayable default functions are sometimes payable Low
CVE-2023-32675 was published for vyper (pip) May 22, 2023
Starlette has Path Traversal vulnerability in StaticFiles Low
CVE-2023-29159 was published for starlette (pip) May 17, 2023
kiwi TCMS has possibility for user to update email address to unverified one Low
CVE-2023-30544 was published for kiwitcms (pip) Apr 24, 2023
configobj ReDoS exploitable by developer using values in a server-side configuration file Low
CVE-2023-26112 was published for configobj (pip) Apr 3, 2023
redis-py Race Condition vulnerability Low
CVE-2023-28858 was published for redis (pip) Mar 26, 2023
Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs Low
CVE-2023-1176 was published for mlflow (pip) Mar 24, 2023
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability Low
CVE-2022-4134 was published for glance (pip) Mar 7, 2023
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions Low
CVE-2023-26052 was published for saleor (pip) Mar 2, 2023
Lemur subject to insecure random generation Low
GHSA-5fqv-mpj8-h7gm was published for lemur (pip) Mar 1, 2023