Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,339
Erlang
31
GitHub Actions
22
Go
2,099
Maven
5,000+
npm
3,763
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
883
Swift
37
Unreviewed advisories
All unreviewed
5,000+

3,448 advisories

Loading
Python package "zhmcclient" stores passwords in clear text in its HMC and API logs Moderate
CVE-2024-53865 was published for zhmcclient (pip) Dec 2, 2024
andy-maier
pyspider Cross-site Scripting vulnerability Moderate
CVE-2024-39162 was published for pyspider (pip) Nov 29, 2024
Denial of service (DoS) via deformation `multipart/form-data` boundary High
CVE-2024-53981 was published for python-multipart (pip) Dec 2, 2024
Startr4ck defnull
mnqazi
Ansible vulnerable to Insertion of Sensitive Information into Log File High
CVE-2024-8775 was published for ansible-core (pip) Sep 16, 2024
ansible-core Incorrect Authorization vulnerability Moderate
CVE-2024-9902 was published for ansible-core (pip) Nov 6, 2024
Synapse denial of service through media disk space consumption High
CVE-2024-37302 was published for matrix-synapse (pip) Dec 3, 2024
Synapse's unauthenticated writes to the media repository allow planting of problematic content Moderate
CVE-2024-37303 was published for matrix-synapse (pip) Dec 3, 2024
Synapse allows unsupported content types to lead to memory exhaustion High
CVE-2024-52805 was published for matrix-synapse (pip) Dec 3, 2024
Synapse allows a a malformed invite to break the invitee's `/sync` High
CVE-2024-52815 was published for matrix-synapse (pip) Dec 3, 2024
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders High
CVE-2024-53863 was published for matrix-synapse (pip) Dec 3, 2024
Synapse Matrix has a partial room state leak via Sliding Sync Moderate
CVE-2024-53867 was published for matrix-synapse (pip) Dec 3, 2024
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality Moderate
CVE-2024-53999 was published for mobsf (pip) Dec 3, 2024
lDomenx
Sentry improper error handling leaks Application Integration Client Secret Moderate
CVE-2024-53253 was published for sentry (pip) Nov 22, 2024
Christinarlong
OpenStack improperly deletes access rules Moderate
CVE-2023-6110 was published for python-openstackclient (pip) Nov 17, 2024
Ansible symlink attack vulnerability Moderate
CVE-2023-5115 was published for ansible (pip) Dec 28, 2023
Ansible galaxy-importer Path Traversal vulnerability Moderate
CVE-2023-5189 was published for galaxy-importer (pip) Nov 15, 2023
Certifi removes GLOBALTRUST root certificate Low
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Kwpolska
Apache Superset: Error verbosity exposes metadata in analytics databases Moderate
CVE-2024-53948 was published for apache-superset (pip) Dec 9, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled High
CVE-2024-53949 was published for apache-superset (pip) Dec 9, 2024
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions Low
CVE-2024-53947 was published for apache-superset (pip) Dec 9, 2024
unstructured XML External Entity (XXE) Moderate
CVE-2024-46455 was published for unstructured (pip) Dec 9, 2024
sigstore has insufficient validation of integration timestamp during verification Low
CVE-2024-55655 was published for sigstore (pip) Dec 11, 2024
woodruffw haydentherapper
pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints High
CVE-2024-39163 was published for pyspider (pip) Dec 4, 2024
python-libarchive directory traversal High
CVE-2024-55587 was published for python-libarchive (pip) Dec 12, 2024
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access High
CVE-2024-55633 was published for apache-superset (pip) Dec 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database