Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

9,023 advisories

Loading
Kanister vulnerable to cluster-level privilege escalation Moderate
CVE-2024-43403 was published for github.com/kanisterio/kanister (Go) Aug 20, 2024
younaman hairyhum
Man-in-the-Middle (MitM) Moderate
CVE-2014-5277 was published for github.com/docker/docker (Go) Feb 15, 2022
Sentry improper error handling leaks Application Integration Client Secret Moderate
CVE-2024-53253 was published for sentry (pip) Nov 22, 2024
Improper Input Validation vulnerability in Apache Hop Engine Moderate
CVE-2024-24683 was published for org.apache.hop:hop (Maven) Mar 19, 2024
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs Moderate
GHSA-r4pg-vg54-wxx4 was published for github.com/cert-manager/cert-manager (Go) Nov 20, 2024
Password Pusher rate limiter can be bypassed by forging proxy headers Moderate
CVE-2024-52796 was published for pwpush (RubyGems) Nov 20, 2024
Rancher Helm Applications may have sensitive values leaked Moderate
CVE-2024-52282 was published for github.com/rancher/rancher (Go) Nov 20, 2024
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls Moderate
CVE-2024-24567 was published for vyper (pip) Jan 30, 2024
cyberthirst pcaversaccio
kuroi8 0xdeadbeef0x
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables Moderate
GHSA-pqhp-25j4-6hq9 was published for smol-toml (npm) Nov 22, 2024
TheKodeToad
Vyper has incorrect re-entrancy lock when key is empty string Moderate
CVE-2023-42441 was published for vyper (pip) Sep 18, 2023
trocher
transformers has Insecure Temporary File Moderate
CVE-2023-2800 was published for transformers (pip) May 18, 2023
sfblackl-intel
Zope Denial of Service (DoS) vulnerability in ZServer Moderate
CVE-2010-3198 was published for Zope (pip) May 17, 2022
Boolector use after free Moderate
CVE-2019-7560 was published for pyboolector (pip) May 14, 2022
libpg_query memory leak Moderate
CVE-2018-18482 was published for pg-query (pip) May 13, 2022
PaddlePaddle nullptr dereference in paddle.crop Moderate
CVE-2023-52312 was published for PaddlePaddle (pip) Jan 3, 2024
Mayan EDMS DMS XSS vulnerability Moderate
CVE-2022-47419 was published for mayan-edms (pip) Feb 8, 2023
Mayan EDMS multiple cross-site scripting (XSS) vulnerabilities Moderate
CVE-2014-3840 was published for mayan-edms (pip) May 17, 2022
Ipsilon denial of service via a duplicate SP name Moderate
CVE-2015-5217 was published for ipsilon (pip) May 17, 2022
Ipsilon denial of service by deleting a SAML2 Service Provider (SP) Moderate
CVE-2015-5301 was published for ipsilon (pip) May 17, 2022
safeurl-python contains Server-Side Request Forgery Moderate
CVE-2023-24622 was published for safeurl-python (pip) Jan 27, 2023
whoissecure
OpenStack Glance logs user name and password in cleartext Moderate
CVE-2013-0212 was published for glance (pip) May 5, 2022
Missing rate limit on rdiffweb Moderate
CVE-2022-3456 was published for rdiffweb (pip) Oct 14, 2022
rdiffweb vulnerable to Open Redirect Moderate
CVE-2022-3438 was published for rdiffweb (pip) Oct 10, 2022
rdiffweb allows a new password to be the same as the previous password Moderate
CVE-2022-3376 was published for rdiffweb (pip) Oct 6, 2022
Libextractor multiple heap-based buffer overflows Moderate
CVE-2006-2458 was published for extractor (pip) May 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database