Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,400 advisories

Loading
OpenStack improperly deletes access rules Moderate
CVE-2023-6110 was published for python-openstackclient (pip) Nov 17, 2024
OpenStack Neutron can use an incorrect ID during policy enforcement Moderate
CVE-2024-53916 was published for neutron (pip) Nov 25, 2024
Ansible-Core vulnerable to content protections bypass Low
CVE-2024-11079 was published for ansible-core (pip) Nov 12, 2024
arvindshmicrosoft
Sentry improper error handling leaks Application Integration Client Secret Moderate
CVE-2024-53253 was published for sentry (pip) Nov 22, 2024
Christinarlong
Synapse Matrix has a partial room state leak via Sliding Sync Moderate
CVE-2024-53867 was published for matrix-synapse (pip) Dec 3, 2024
Synapse allows a a malformed invite to break the invitee's `/sync` High
CVE-2024-52815 was published for matrix-synapse (pip) Dec 3, 2024
Synapse allows unsupported content types to lead to memory exhaustion High
CVE-2024-52805 was published for matrix-synapse (pip) Dec 3, 2024
Synapse's unauthenticated writes to the media repository allow planting of problematic content Moderate
CVE-2024-37303 was published for matrix-synapse (pip) Dec 3, 2024
Synapse denial of service through media disk space consumption High
CVE-2024-37302 was published for matrix-synapse (pip) Dec 3, 2024
Ansible vulnerable to Insertion of Sensitive Information into Log File High
CVE-2024-8775 was published for ansible-core (pip) Sep 16, 2024
ansible-core Incorrect Authorization vulnerability Moderate
CVE-2024-9902 was published for ansible-core (pip) Nov 6, 2024
Denial of service (DoS) via deformation `multipart/form-data` boundary High
CVE-2024-53981 was published for python-multipart (pip) Dec 2, 2024
Startr4ck defnull
mnqazi
pyspider Cross-site Scripting vulnerability Moderate
CVE-2024-39162 was published for pyspider (pip) Nov 29, 2024
Python package "zhmcclient" stores passwords in clear text in its HMC and API logs Moderate
CVE-2024-53865 was published for zhmcclient (pip) Dec 2, 2024
andy-maier
PyJWT Issuer field partial matches allowed Low
CVE-2024-53861 was published for PyJWT (pip) Dec 2, 2024
fabianbadoi
check-jsonschema default caching for remote schemas allows for cache confusion Moderate
CVE-2024-53848 was published for check-jsonschema (pip) Dec 2, 2024
sethmlarson sirosen
libre-chat Path Traversal vulnerability Moderate
CVE-2024-52787 was published for libre-chat (pip) Nov 25, 2024
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API Low
CVE-2024-52008 was published for ethyca-fides (pip) Nov 26, 2024
h0wl andres-torres-marroquin
daveqnet erosselli
Path traveral in Streamlit on windows Moderate
CVE-2024-42474 was published for streamlit (pip) Aug 12, 2024
nvn1729
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks Critical
CVE-2022-2996 was published for python-scciclient (pip) Sep 2, 2022
Zope Denial of Service (DoS) vulnerability in ZServer High
CVE-2010-3198 was published for Zope (pip) May 17, 2022
OpenStack Swift Discloses Secret URLs to Timing Attack High
CVE-2014-0006 was published for swift (pip) May 17, 2022
Apache Spark Deserialization of Untrusted Data vulnerability High
CVE-2017-12612 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
ProTip! Advisories are also available from the GraphQL API