Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,079
Erlang
29
GitHub Actions
19
Go
1,905
Maven
5,000+
npm
3,636
NuGet
638
pip
3,254
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+

7,038 advisories

Loading
Mistune vulnerable to catastrophic backtracking High
CVE-2022-34749 was published for mistune (pip) Jul 26, 2022
sersorrel
Incorrect header handling in mod-wsgi High
CVE-2022-2255 was published for mod-wsgi (pip) Aug 26, 2022
MoinMoin has improper default configuration High
CVE-2010-0717 was published for moin (pip) May 2, 2022
mindsdb arbitrary file write when extracting a remotely retrieved Tarball High
CVE-2023-30620 was published for mindsdb (pip) Mar 30, 2023
Sim4n6
Keycloak Open Redirect vulnerability High
CVE-2024-8883 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024
CoreDNS vulnerable to TuDoor Attacks High
CVE-2023-28452 was published for github.com/coredns/coredns (Go) Sep 18, 2024
LoLLMS Path Traversal vulnerability High
CVE-2024-3429 was published for lollms (pip) Jun 6, 2024
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script High
CVE-2023-38886 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
FUXA local file inclusion vulnerability High
CVE-2023-31718 was published for fuxa-server (npm) Sep 22, 2023
FUXA vulnerable to Local File Inclusion High
CVE-2023-31716 was published for @frangoteam/fuxa (npm) Sep 22, 2023
OpenStack Neutron Denial of Service vulnerability High
CVE-2021-40797 was published for neutron (pip) May 24, 2022
HTTP Request Smuggling in ruby webrick High
CVE-2024-47220 was published for webrick (RubyGems) Sep 22, 2024
renatolond bermannoah
Relative path traversal in mlflow High
CVE-2023-2356 was published for mlflow (pip) Apr 28, 2023
Mercurial Improper Input Validation vulnerability High
CVE-2018-13346 was published for mercurial (pip) May 13, 2022
Mercurial Improper Input Validation vulnerability High
CVE-2018-13348 was published for mercurial (pip) May 13, 2022
modoboa vulnerable to Cross-Site Request Forgery High
CVE-2023-2228 was published for modoboa (pip) Apr 21, 2023
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability High
CVE-2024-39928 was published for org.apache.linkis:linkis-engineplugin-spark (Maven) Sep 25, 2024
oscerd
github.com/containers/image allows unexpected authenticated registry accesses High
CVE-2024-3727 was published for github.com/containers/image (Go) May 14, 2024
RTann
MLflow Path Traversal Vulnerability High
CVE-2023-6909 was published for mlflow (pip) Dec 20, 2023
Modoboa is vulnerable to an XML External Entity Injection (XXE) High
CVE-2019-19702 was published for modoboa-dmarc (pip) May 24, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in irrd High
CVE-2022-24798 was published for irrd (pip) Apr 1, 2022
openstack-mistral Discloses the presence of arbitrary files within the filesystem High
CVE-2018-16849 was published for mistral (pip) May 13, 2022
JSNAPy allows unprivileged local users to alter files under the directory High
CVE-2018-0023 was published for jsnapy (pip) Jul 12, 2018
Keylime: unhandled exceptions could lead to invalid attestation states High
CVE-2022-3500 was published for Keylime (pip) Oct 28, 2022
galmasi
Jinja2 sandbox escape vulnerability High
CVE-2016-10745 was published for Jinja2 (pip) Apr 10, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database