GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,103 advisories
OpenStack Neutron Denial of Service vulnerability
High | CVE-2021-40797 was published for neutron (pip) | May 24, 2022

Mercurial Improper Input Validation vulnerability
High | CVE-2018-13346 was published for mercurial (pip) | May 13, 2022

Mercurial Improper Input Validation vulnerability
High | CVE-2018-13348 was published for mercurial (pip) | May 13, 2022

modoboa vulnerable to Cross-Site Request Forgery
High | CVE-2023-2228 was published for modoboa (pip) | Apr 21, 2023

Modoboa is vulnerable to an XML External Entity Injection (XXE)
High | CVE-2019-19702 was published for modoboa-dmarc (pip) | May 24, 2022

Improper Removal of Sensitive Information Before Storage or Transfer in irrd
High | CVE-2022-24798 was published for irrd (pip) | Apr 1, 2022

openstack-mistral Discloses the presence of arbitrary files within the filesystem
High | CVE-2018-16849 was published for mistral (pip) | May 13, 2022

JSNAPy allows unprivileged local users to alter files under the directory
High | CVE-2018-0023 was published for jsnapy (pip) | Jul 12, 2018

Keylime: unhandled exceptions could lead to invalid attestation states
High | CVE-2022-3500 was published for Keylime (pip) | Oct 28, 2022

Jinja2 sandbox escape via string formatting
High | CVE-2019-10906 was published for Jinja2 (pip) | Apr 10, 2019

RhodeCode and Kallithea are vulnerable to sensitive information disclosure
High | CVE-2015-0260 was published for Kallithea (pip) | May 13, 2022

Mercurial missing symlink check
High | CVE-2017-1000115 was published for mercurial (pip) | May 14, 2022

Mercurial Out-of-bounds Read vulnerability
High | CVE-2018-17983 was published for mercurial (pip) | May 14, 2022

Mercurial arbitrary code execution vulnerability
High | CVE-2016-3630 was published for mercurial (pip) | May 14, 2022

Possible pod name collisions in jupyterhub-kubespawner
High | CVE-2020-15110 was published for jupyterhub-kubespawner (pip) | Jul 22, 2020

Mercurial vulnerable to arbitrary code execution via a crafted name when converting a Git repository
High | CVE-2016-3069 was published for mercurial (pip) | May 14, 2022

Mercurial arbitrary code execution via a crafted git ext:: URL
High | CVE-2016-3068 was published for mercurial (pip) | May 14, 2022

mechanize Regular Expression Denial of Service vulnerability
High | CVE-2021-32837 was published for mechanize (pip) | Jan 18, 2023

Execution with Unnecessary Privileges in JupyterApp
High | CVE-2022-39286 was published for jupyter-core (pip) | Oct 26, 2022

Synapse does not apply enough checks to servers requesting auth events of events in a room
High | CVE-2022-39335 was published for matrix-synapse (pip) | May 24, 2023

Improper Input Validation in kdcproxy
High | CVE-2015-5159 was published for kdcproxy (pip) | Nov 1, 2018

Incorrect Privilege Assignment in Jinja2
High | CVE-2014-1402 was published for Jinja2 (pip) | May 14, 2022

ProTip! Advisories are also available from the GraphQL API.