Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

273 advisories

Loading
Django User Enumeration Vulnerability Low
CVE-2016-2513 was published for django (pip) May 17, 2022
MarkLee131
Open Redirect in Flask-Security-Too Low
CVE-2021-32618 was published for Flask-Security-Too (pip) May 17, 2021
tdunlap607
Improper authorisation of members discloses room membership to non-members Low
CVE-2021-39164 was published for matrix-synapse (pip) Sep 1, 2021
0xkasper
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner. Low
CVE-2021-39163 was published for matrix-synapse (pip) Sep 1, 2021
0xkasper
IPython vulnerable to command injection via set_term_title Low
CVE-2023-24816 was published for ipython (pip) Feb 10, 2023
Open redirect in Jupyter Notebook Low
CVE-2020-26215 was published for notebook (pip) Nov 18, 2020
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes Low
CVE-2023-41335 was published for matrix-synapse (pip) Sep 26, 2023
Path Traversal in openapi-python-client Low
CVE-2020-15141 was published for openapi-python-client (pip) Aug 20, 2020
pawamoy emann
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type Low
CVE-2022-2872 was published for OctoPrint (pip) Sep 22, 2022
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list Low
GHSA-26jh-r8g2-6fpr was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py Low
CVE-2024-6971 was published for lollms (pip) Oct 11, 2024
Race condition in zenml Low
CVE-2024-2032 was published for zenml (pip) Jun 6, 2024
open-webui allows enumeration of file names and traversal of directories by observing the error messages Low
CVE-2024-7038 was published for open-webui (pip) Oct 9, 2024
python-keystoneclient unsecure user password update Low
CVE-2013-2013 was published for python-keystoneclient (pip) May 17, 2022
pyxdg Arbitrary File Overwrite via Race Condition Low
CVE-2014-1624 was published for pyxdg (pip) May 17, 2022
Incorrect Provision of Specified Functionality in qutebrowser Low
CVE-2020-11054 was published for qutebrowser (pip) May 8, 2020
The-Compiler
Plone Denial of Service vulnerability via decompressing large zip archives Low
CVE-2013-4199 was published for plone (pip) May 17, 2022
Plone Multiple open redirect vulnerabilities Low
CVE-2013-4195 was published for plone (pip) May 17, 2022
RPLY Predictable Tmpfile Names Allows Cache Spoofing Low
CVE-2014-1604 was published for RPLY (pip) May 17, 2022
Salt uses weak permissions on the cache data Low
CVE-2015-8034 was published for salt (pip) May 17, 2022
SaltStack Salt Improper Authentication via Man in the Middle Attack Low
CVE-2022-22935 was published for salt (pip) Mar 30, 2022
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware Low
CVE-2014-0105 was published for python-keystoneclient (pip) May 17, 2022
Rdiffweb vulnerable to Missing Authentication for Critical Function Low
CVE-2022-4018 was published for rdiffweb (pip) Nov 16, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database