GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,080
Erlang
29
GitHub Actions
19
Go
1,908
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,033 advisories
Filter by severity
Heap-based Buffer Overflow in sqlite-vec
Critical
CVE-2024-46488
was published
for
sqlite-vec
(RubyGems)
Sep 25, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
apache-submarine
(Maven)
Jun 12, 2024
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Critical
CVE-2024-47169
was published
for
agnai
(npm)
Sep 26, 2024
Gradio allows users to access arbitrary files
Critical
GHSA-m842-4qm8-7gpq
was published
for
gradio
(pip)
Sep 25, 2024
Mercurial is vulnerable to shell injection attack
Critical
CVE-2017-1000116
was published
for
mercurial
(pip)
May 13, 2022
Mercurial mishandles integer addition and subtraction
Critical
CVE-2018-13347
was published
for
mercurial
(pip)
May 13, 2022
JGit Improper Input Validation vulnerability
Critical
CVE-2014-9390
was published
for
mercurial
(Maven)
May 17, 2022
HTTP client can manipulate custom HTTP headers that are added by Traefik
Critical
CVE-2024-45410
was published
for
github.com/traefik/traefik
(Go)
Sep 19, 2024
Dragonfly2 has hard coded cyptographic key
Critical
CVE-2023-27584
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 19, 2024
Chaosblade vulnerable to OS command execution
Critical
CVE-2023-47105
was published
for
github.com/chaosblade-io/chaosblade
(Go)
Sep 18, 2024
Mellium allows Authentication Bypass by Spoofing
Critical
CVE-2024-46957
was published
for
mellium.im/xmpp
(Go)
Sep 25, 2024
Mercurial vulnerable to arbitrary code injection
Critical
CVE-2017-17458
was published
for
mercurial
(pip)
May 13, 2022
Undirectional routing wasn't respected in some cases in Mitogen
Critical
CVE-2019-15149
was published
for
mitogen
(pip)
Aug 19, 2019
•
withdrawn
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Critical
CVE-2023-32188
was published
for
github.com/neuvector/neuvector
(Go)
Oct 6, 2023
Mercurial Incorrect Access Control vulnerability
Critical
CVE-2018-1000132
was published
for
mercurial
(pip)
May 13, 2022
Improper Authorization in modoboa
Critical
CVE-2023-2227
was published
for
modoboa
(pip)
Apr 21, 2023
Authentication Bypass in modoboa
Critical
CVE-2023-0777
was published
for
modoboa
(pip)
Feb 10, 2023
mlflow Path Traversal vulnerability
Critical
CVE-2023-2780
was published
for
mlflow
(pip)
May 17, 2023
Improper Access Control in jupyterhub-firstuseauthenticator
Critical
CVE-2021-41194
was published
for
jupyterhub-firstuseauthenticator
(pip)
Oct 28, 2021
Tenant and Verifier might not use the same registrar data
Critical
CVE-2022-1053
was published
for
keylime
(pip)
May 5, 2022
jsonpickle unsafe deserialization
Critical
CVE-2020-22083
was published
for
jsonpickle
(pip)
May 24, 2022
modulemd uses an unsafe function for processing externally provided data
Critical
CVE-2017-1002157
was published
for
modulemd
(pip)
Jan 17, 2019
Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command
Critical
CVE-2014-9462
was published
for
mercurial
(pip)
May 14, 2022
Unsafe deserialization in MLAlchemy
Critical
CVE-2017-16615
was published
for
MLAlchemy
(pip)
Jul 13, 2018
Injection vulnerability that affects ironic-discoverd
Critical
CVE-2015-5306
was published
for
ironic-inspector
(pip)
Jul 5, 2019
ProTip!
Advisories are also available from the
GraphQL API