GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,133; Erlang 29; GitHub Actions 19; Go 1,940; Maven 5,000+; npm 3,677; NuGet 645; pip 3,295; Pub 11; RubyGems 877; Rust 830; Swift 35
Unreviewed advisories: All unreviewed 5,000+
7,154 advisories
NYUCCL psiTurk IS vulnerable to Improper Neutralization of Special Elements
High | CVE-2021-4315 was published for psiTurk (pip) | Jan 29, 2023

privacyIDEA Improper Input Validation vulnerability
High | CVE-2018-1000809 was published for privacyIDEA (pip) | Jan 14, 2019

Pycrypto generates weak key parameters
High | CVE-2018-6594 was published for pycrypto (pip) | Jul 12, 2018

Vault Community Edition privilege escalation vulnerability
High | CVE-2024-9180 was published for github.com/hashicorp/vault (Go) | Oct 10, 2024

Plone unauthorized member addition vulnerability
High | CVE-2015-7315 was published for Plone (pip) | May 17, 2022

Security Update for the OPC UA .NET Standard Stack
High | GHSA-qm9f-c3v9-wphv was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) | Oct 18, 2024

Permissive Regular Expression in tacquito
High | GHSA-p5wf-cmr4-xrwr was published for github.com/facebookincubator/tacquito (Go) | Oct 18, 2024

DeepSpeed Remote Code Execution Vulnerability
High | CVE-2024-43497 was published for deepspeed (pip) | Oct 8, 2024

Plone Unauthorized Access Vulnerability
High | CVE-2017-1000483 was published for Plone (pip) | May 13, 2022

Plone vulnerable to cross-site request forgery
High | CVE-2015-7293 was published for Plone (pip) | May 17, 2022

Plone Unrestricted Filed Manipulation vulnerability via content edit forms
High | CVE-2013-4193 was published for plone (pip) | May 17, 2022

Improper Restriction of XML External Entity Reference in Plone
High | CVE-2020-28734 was published for Plone (pip) | Apr 7, 2021

Azure SDK for Java Security Feature Bypass Vulnerability
High | CVE-2020-16971 was published for com.azure:azure-core-amqp (Maven) | May 24, 2022

btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
High | CVE-2024-38365 was published for github.com/btcsuite/btcd (Go) | Oct 10, 2024

Undertow's url-encoded request path information can be broken on ajp-listener
High | CVE-2024-6162 was published for io.undertow:undertow-core (Maven) | Jun 20, 2024

github.com/containers/image allows unexpected authenticated registry accesses
High | CVE-2024-3727 was published for github.com/containers/image (Go) | May 14, 2024

Denial of Service in Connect2id Nimbus JOSE+JWT
High | CVE-2023-52428 was published for com.nimbusds:nimbus-jose-jwt (Maven) | Feb 11, 2024

OpenRefine JDBC Attack Vulnerability
High | CVE-2024-23833 was published for org.openrefine:database (Maven) | Feb 12, 2024

Radicale is vulnerable to timing oracles and simple bruteforce attacks
High | CVE-2017-8342 was published for Radicale (pip) | May 13, 2022

Arbitrary command execution on Windows via qutebrowserurl: URL handler
High | CVE-2021-41146 was published for qutebrowser (pip) | Oct 22, 2021

ProTip! Advisories are also available from the GraphQL API.