Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,680
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

7,168 advisories

Loading
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability High
CVE-2024-9355 was published for github.com/golang-fips/openssl (Go) Oct 1, 2024
Mermaid allows prototype pollution in bundled version of DOMPurify High
GHSA-m4gq-x24j-jpmf was published for mermaid (npm) Oct 22, 2024
aloisklink sidharthv96
ashishjain0512
curl_cffi bundles a version of libcurl affected by High Severity vulnerability High
GHSA-3vpc-4p9p-47hc was published for curl-cffi (pip) Oct 22, 2024
SCH227
slixmpp Incorrect Access Control High
CVE-2019-1000021 was published for slixmpp (pip) May 13, 2022
SaltStack Salt Improper SSL Certificate Validation High
CVE-2020-35662 was published for salt (pip) May 24, 2022
SciPy creates insecure temporary directories High
CVE-2013-4251 was published for scipy (pip) May 5, 2022
Setuptools vulnerable to Man-in-the-middle attacks High
CVE-2013-1633 was published for setuptools (pip) May 17, 2022
Infinite Loop in scapy High
CVE-2019-1010142 was published for scapy (pip) Jul 22, 2019
SaltStack Salt command injection via a crafted process name High
CVE-2020-28243 was published for salt (pip) May 24, 2022
Exposure of Resource to Wrong Sphere in salt High
CVE-2021-21996 was published for salt (pip) Nov 21, 2021
SaltStack Salt Denial of Service via a crafted authentication request High
CVE-2017-14696 was published for salt (pip) May 17, 2022
SaltStack Salt Authentication Bypass by Capture-replay High
CVE-2022-22936 was published for salt (pip) Mar 30, 2022
SaltStack Salt Permissions Bypass High
CVE-2022-22941 was published for salt (pip) Mar 30, 2022
Memory leaks in code encrypting and verifying RSA payloads High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024
qmuntal r3kumar
andrewpollock
Python-RSA decryption of ciphertext leads to DoS High
CVE-2020-13757 was published for rsa (pip) Mar 24, 2021
SQL injection in funadmin High
CVE-2024-48231 was published for funadmin/funadmin (Composer) Oct 21, 2024
Salt Improper Access Control High
CVE-2016-1866 was published for salt (pip) May 14, 2022
Salt vulnerable to Improper Certificate Validation High
CVE-2015-4017 was published for salt (pip) May 14, 2022
Insufficiently Protected Credentials in Requests High
CVE-2018-18074 was published for requests (pip) Oct 29, 2018
rtslib-fb weak permissions for /etc/target/saveconfig.json file High
CVE-2020-14019 was published for rtslib-fb (pip) May 24, 2022
SaltStack Salt Insecure Temporary File Creation High
CVE-2014-3563 was published for salt (pip) May 17, 2022
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api High
CVE-2017-5192 was published for salt (pip) May 17, 2022
Pysaml2 does not sanitize XML responses High
CVE-2016-10149 was published for pysaml2 (pip) Jul 16, 2018
SaltStack Salt arbitrary command execution in Salt-api via ssh_client High
CVE-2017-5200 was published for salt (pip) May 13, 2022
Pyopenssl Incorrect Memory Management High
CVE-2018-1000808 was published for pyopenssl (pip) Oct 10, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database