GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
9,023 advisories
Filter by severity
Kanister vulnerable to cluster-level privilege escalation
Moderate
CVE-2024-43403
was published
for
github.com/kanisterio/kanister
(Go)
Aug 20, 2024
Man-in-the-Middle (MitM)
Moderate
CVE-2014-5277
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Sentry improper error handling leaks Application Integration Client Secret
Moderate
CVE-2024-53253
was published
for
sentry
(pip)
Nov 22, 2024
Improper Input Validation vulnerability in Apache Hop Engine
Moderate
CVE-2024-24683
was published
for
org.apache.hop:hop
(Maven)
Mar 19, 2024
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs
Moderate
GHSA-r4pg-vg54-wxx4
was published
for
github.com/cert-manager/cert-manager
(Go)
Nov 20, 2024
Password Pusher rate limiter can be bypassed by forging proxy headers
Moderate
CVE-2024-52796
was published
for
pwpush
(RubyGems)
Nov 20, 2024
Rancher Helm Applications may have sensitive values leaked
Moderate
CVE-2024-52282
was published
for
github.com/rancher/rancher
(Go)
Nov 20, 2024
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
Moderate
CVE-2024-24567
was published
for
vyper
(pip)
Jan 30, 2024
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Moderate
GHSA-pqhp-25j4-6hq9
was published
for
smol-toml
(npm)
Nov 22, 2024
Vyper has incorrect re-entrancy lock when key is empty string
Moderate
CVE-2023-42441
was published
for
vyper
(pip)
Sep 18, 2023
transformers has Insecure Temporary File
Moderate
CVE-2023-2800
was published
for
transformers
(pip)
May 18, 2023
Zope Denial of Service (DoS) vulnerability in ZServer
Moderate
CVE-2010-3198
was published
for
Zope
(pip)
May 17, 2022
PaddlePaddle nullptr dereference in paddle.crop
Moderate
CVE-2023-52312
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
Mayan EDMS DMS XSS vulnerability
Moderate
CVE-2022-47419
was published
for
mayan-edms
(pip)
Feb 8, 2023
Mayan EDMS multiple cross-site scripting (XSS) vulnerabilities
Moderate
CVE-2014-3840
was published
for
mayan-edms
(pip)
May 17, 2022
Ipsilon denial of service via a duplicate SP name
Moderate
CVE-2015-5217
was published
for
ipsilon
(pip)
May 17, 2022
Ipsilon denial of service by deleting a SAML2 Service Provider (SP)
Moderate
CVE-2015-5301
was published
for
ipsilon
(pip)
May 17, 2022
safeurl-python contains Server-Side Request Forgery
Moderate
CVE-2023-24622
was published
for
safeurl-python
(pip)
Jan 27, 2023
OpenStack Glance logs user name and password in cleartext
Moderate
CVE-2013-0212
was published
for
glance
(pip)
May 5, 2022
rdiffweb vulnerable to Open Redirect
Moderate
CVE-2022-3438
was published
for
rdiffweb
(pip)
Oct 10, 2022
rdiffweb allows a new password to be the same as the previous password
Moderate
CVE-2022-3376
was published
for
rdiffweb
(pip)
Oct 6, 2022
Libextractor multiple heap-based buffer overflows
Moderate
CVE-2006-2458
was published
for
extractor
(pip)
May 1, 2022
ProTip!
Advisories are also available from the
GraphQL API