Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,904
Maven
5,000+
npm
3,634
NuGet
638
pip
3,250
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+

282 advisories

Loading
Incorrect parsing of nameless cookies leads to __Host- cookies bypass Low
CVE-2023-23934 was published for Werkzeug (pip) Feb 15, 2023
lavish
IPython vulnerable to command injection via set_term_title Low
CVE-2023-24816 was published for ipython (pip) Feb 10, 2023
Package discontinued because Bitly lowered the free quota Low
GHSA-ggrh-grj3-vfvw was published for bitlyshortener (pip) Nov 28, 2022
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
`CHECK` failure in `SobolSample` via missing validation Low
GHSA-cqvq-fvhr-v6hc was published for tensorflow (pip) Nov 21, 2022
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode Low
GHSA-xf83-q765-xm6m was published for tensorflow (pip) Nov 21, 2022
rdiffweb vulnerable to Improper Cleanup on Thrown Exception Low
CVE-2022-3301 was published for rdiffweb (pip) Sep 27, 2022
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type Low
CVE-2022-2872 was published for OctoPrint (pip) Sep 22, 2022
TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs` Low
CVE-2022-36016 was published for tensorflow (pip) Sep 16, 2022
TensorFlow vulnerable to integer overflow in math ops Low
CVE-2022-36015 was published for tensorflow (pip) Sep 16, 2022
Python-TUF vulnerable to incorrect threshold signature computation for new root metadata Low
GHSA-r7vq-6425-j94w was published for tuf (pip) Sep 15, 2022
trishankatdatadog
OctoPrint does not have rate limiting on the login page Low
CVE-2022-2822 was published for OctoPrint (pip) Aug 16, 2022
OpenStack Nova Changing vnic_type breaks compute service restart Low
CVE-2022-37394 was published for nova (pip) Aug 4, 2022
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
Cabot Cross Site Scripting (XSS) vulnerability via Endpoint column Low
CVE-2020-7734 was published for cabot (pip) May 24, 2022
OpenStack Nova can leak consoleauth token into log files Low
CVE-2015-9543 was published for Nova (pip) May 24, 2022
Virtualenv Allows Symlink Attack on /tmp/ Low
CVE-2011-4617 was published for virtualenv (pip) May 17, 2022
OpenStack Nova Scheduler denial of service through scheduler_hints Low
CVE-2012-3371 was published for Nova (pip) May 17, 2022
Python Keyring does not securely initialize encryption cipher Low
CVE-2012-4571 was published for keyring (pip) May 17, 2022
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors Low
CVE-2013-4278 was published for nova (pip) May 17, 2022
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots Low
CVE-2013-4183 was published for cinder (pip) May 17, 2022
OpenStack Identity Keystone Privilege Escalation vulnerability Low
CVE-2013-4477 was published for keystone (pip) May 17, 2022
OpenStack Glance sensitive information disclosure via logs Low
CVE-2014-1948 was published for glance (pip) May 17, 2022
Plone is vulnerable to File System Path Exposure Low
CVE-2013-4194 was published for plone (pip) May 17, 2022
Plone Denial of Service vulnerability via decompressing large zip archives Low
CVE-2013-4199 was published for plone (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database