Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,079
Erlang
29
GitHub Actions
19
Go
1,905
Maven
5,000+
npm
3,636
NuGet
638
pip
3,254
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,103 advisories

Loading
Mistune vulnerable to catastrophic backtracking High
CVE-2022-34749 was published for mistune (pip) Jul 26, 2022
sersorrel
Incorrect header handling in mod-wsgi High
CVE-2022-2255 was published for mod-wsgi (pip) Aug 26, 2022
MoinMoin has improper default configuration High
CVE-2010-0717 was published for moin (pip) May 2, 2022
mindsdb arbitrary file write when extracting a remotely retrieved Tarball High
CVE-2023-30620 was published for mindsdb (pip) Mar 30, 2023
Sim4n6
LoLLMS Path Traversal vulnerability High
CVE-2024-3429 was published for lollms (pip) Jun 6, 2024
OpenStack Neutron Denial of Service vulnerability High
CVE-2021-40797 was published for neutron (pip) May 24, 2022
Relative path traversal in mlflow High
CVE-2023-2356 was published for mlflow (pip) Apr 28, 2023
Mercurial Improper Input Validation vulnerability High
CVE-2018-13346 was published for mercurial (pip) May 13, 2022
Mercurial Improper Input Validation vulnerability High
CVE-2018-13348 was published for mercurial (pip) May 13, 2022
modoboa vulnerable to Cross-Site Request Forgery High
CVE-2023-2228 was published for modoboa (pip) Apr 21, 2023
MLflow Path Traversal Vulnerability High
CVE-2023-6909 was published for mlflow (pip) Dec 20, 2023
Modoboa is vulnerable to an XML External Entity Injection (XXE) High
CVE-2019-19702 was published for modoboa-dmarc (pip) May 24, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in irrd High
CVE-2022-24798 was published for irrd (pip) Apr 1, 2022
openstack-mistral Discloses the presence of arbitrary files within the filesystem High
CVE-2018-16849 was published for mistral (pip) May 13, 2022
JSNAPy allows unprivileged local users to alter files under the directory High
CVE-2018-0023 was published for jsnapy (pip) Jul 12, 2018
Keylime: unhandled exceptions could lead to invalid attestation states High
CVE-2022-3500 was published for Keylime (pip) Oct 28, 2022
galmasi
Jinja2 sandbox escape vulnerability High
CVE-2016-10745 was published for Jinja2 (pip) Apr 10, 2019
Jinja2 sandbox escape via string formatting High
CVE-2019-10906 was published for Jinja2 (pip) Apr 10, 2019
RhodeCode and Kallithea are vulnerable to sensitive information disclosure High
CVE-2015-0260 was published for Kallithea (pip) May 13, 2022
Mercurial missing symlink check High
CVE-2017-1000115 was published for mercurial (pip) May 14, 2022
Mercurial Out-of-bounds Read vulnerability High
CVE-2018-17983 was published for mercurial (pip) May 14, 2022
Mercurial arbitrary code execution vulnerability High
CVE-2016-3630 was published for mercurial (pip) May 14, 2022
Possible pod name collisions in jupyterhub-kubespawner High
CVE-2020-15110 was published for jupyterhub-kubespawner (pip) Jul 22, 2020
Mercurial vulnerable to arbitrary code execution via a crafted name when converting a Git repository High
CVE-2016-3069 was published for mercurial (pip) May 14, 2022
Mercurial arbitrary code execution via a crafted git ext:: URL High
CVE-2016-3068 was published for mercurial (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database