GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
267 advisories
Filter by severity
Vyper's external calls can overflow return data to return input buffer
Low
CVE-2024-24560
was published
for
vyper
(pip)
Feb 2, 2024
LIEF obtain sensitive information via the name parameter
Low
CVE-2024-31636
was published
for
lief
(pip)
May 3, 2024
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Low
CVE-2023-49297
was published
for
PyDrive2
(pip)
Dec 5, 2023
Nautobot missing object-level permissions enforcement when running Job Buttons
Low
CVE-2023-51649
was published
for
nautobot
(pip)
Dec 22, 2023
Unauthenticated db-file-storage views
Low
CVE-2023-50263
was published
for
nautobot
(pip)
Dec 13, 2023
OpenStack Nova Scheduler denial of service through scheduler_hints
Low
CVE-2012-3371
was published
for
Nova
(pip)
May 17, 2022
OpenStack Nova VMWare driver leaks rescued images
Low
CVE-2014-2573
was published
for
nova
(pip)
May 17, 2022
OpenStack Nova host data leak to vm instance in rescue mode
Low
CVE-2014-0134
was published
for
nova
(pip)
May 17, 2022
Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
Low
CVE-2012-2101
was published
for
nova
(pip)
May 17, 2022
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Low
CVE-2022-4134
was published
for
glance
(pip)
Mar 7, 2023
OpenStack Glance sensitive information disclosure via logs
Low
CVE-2014-1948
was published
for
glance
(pip)
May 17, 2022
OpenStack Keystone Sensitive information disclosure via log files
Low
CVE-2013-2006
was published
for
keystone
(pip)
May 17, 2022
Zope allows local users to read arbitrary files
Low
CVE-2006-3458
was published
for
Zope2
(pip)
May 1, 2022
OpenStack Keystone intended authorization restrictions bypass
Low
CVE-2012-5571
was published
for
Keystone
(pip)
May 17, 2022
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots
Low
CVE-2013-4183
was published
for
cinder
(pip)
May 17, 2022
CHECK-fail in `QuantizeAndDequantizeV4Grad`
Low
CVE-2021-29544
was published
for
tensorflow
(pip)
May 21, 2021
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Low
CVE-2023-23934
was published
for
Werkzeug
(pip)
Feb 15, 2023
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Low
CVE-2020-15239
was published
for
xmpp-http-upload
(pip)
Oct 6, 2020
vantage6 does not properly delete linked resources when deleting a collaboration
Low
CVE-2023-41881
was published
for
vantage6
(pip)
Oct 16, 2023
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Low
CVE-2024-42447
was published
for
apache-airflow-providers-fab
(pip)
Aug 5, 2024
dbt has an implicit override for built-in materializations from installed packages
Low
CVE-2024-40637
was published
for
dbt-core
(pip)
Jul 17, 2024
Weblate vulnerable to improper sanitization of project backups
Low
CVE-2024-39303
was published
for
Weblate
(pip)
Jul 1, 2024
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
Low
CVE-2022-23531
was published
for
guarddog
(pip)
Dec 2, 2022
ProTip!
Advisories are also available from the
GraphQL API