GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,678 advisories

PingCAP TiDB nil pointer dereference Moderate
CVE-2024-37820 was published for github.com/pingcap/tidb (Go) Jun 25, 2024
Zope Cross-site scripting (XSS) vulnerability in ZMI pages Moderate
CVE-2009-5145 was published for Zope2 (pip) May 2, 2022
Zope allows remote attackers to read arbitrary files Moderate
CVE-2006-4684 was published for zope2 (pip) May 1, 2022
Tahoe-LAFS fails to ensure integrity Moderate
CVE-2012-0051 was published for tahoe-lafs (pip) Apr 23, 2022
SFTPGo allows administrators to restrict command execution from the EventManager Moderate
CVE-2024-52309 was published for github.com/drakkan/sftpgo/v2 (Go) Nov 21, 2024
hyperreality
Querydsl SQL/HQL injection High
CVE-2024-49203 was published for com.querydsl:querydsl-apt (Maven) Nov 20, 2024
GeoNode Server Side Request forgery High
CVE-2023-40017 was published for geonode (pip) Nov 21, 2024
ImThatT
Flowise OverrideConfig security vulnerability High
GHSA-5cph-wvm9-45gj was published for flowise (npm) Nov 21, 2024
ryanhalliday
LLama Factory Remote OS Command Injection Vulnerability High
CVE-2024-52803 was published for llamafactory (pip) Nov 21, 2024
superboy-zjc
Capstone SEGV caused by a read memory access Moderate
CVE-2016-7151 was published for capstone (pip) May 24, 2022
blosc2 heap-based buffer overflow High
CVE-2020-29367 was published for blosc2 (pip) May 24, 2022
bounter Null pointer reference High
CVE-2021-41497 was published for bounter (pip) Dec 18, 2021
Capstone Integer overflow High
CVE-2017-6952 was published for capstone (pip) May 17, 2022
chia-blockchain tokens can be inflated to an arbitrary extent High
CVE-2022-36447 was published for chia-blockchain (pip) Jul 30, 2022
Designate does not enforce the DNS protocol limit concerning record set sizes Moderate
CVE-2015-5694 was published for designate (pip) May 24, 2022
Designate mDNS DoS through incorrect handling of large RecordSets Moderate
CVE-2015-5695 was published for designate (pip) May 17, 2022
diplib Double Free Moderate
CVE-2021-39432 was published for diplib (pip) Nov 4, 2022
LIEF heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind Moderate
CVE-2022-43171 was published for lief (pip) Nov 18, 2022
Zope allows local users to read arbitrary files Low
CVE-2006-3458 was published for Zope2 (pip) May 1, 2022
OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events Moderate
CVE-2014-5252 was published for keystone (pip) May 17, 2022
OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events Moderate
CVE-2014-5251 was published for keystone (pip) May 17, 2022
OpenStack Keystone Domain-scoped tokens don't get revoked Moderate
CVE-2014-5253 was published for keystone (pip) May 17, 2022
OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend Moderate
CVE-2014-2237 was published for keystone (pip) May 17, 2022
OpenStack Identity (Keystone) DoS through V3 API authentication chaining High
CVE-2014-2828 was published for keystone (pip) May 17, 2022
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file Moderate
CVE-2015-5163 was published for glance (pip) May 17, 2022
tdunlap607