Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14 advisories

Loading
PyJWT vulnerable to key confusion attacks High
CVE-2017-11424 was published for pyjwt (pip) May 13, 2022
jhutchings1
Arbitrary file write in NumPy High
CVE-2014-1858 was published for numpy (pip) May 14, 2022
jhutchings1
JupyterHub OAuthenticator elevation of privilege High
CVE-2018-7206 was published for oauthenticator (pip) May 13, 2022
jhutchings1
Numpy arbitrary file write via symlink attack High
CVE-2014-1859 was published for numpy (pip) May 14, 2022
jhutchings1
Improper input validation in cryptography High
CVE-2016-9243 was published for cryptography (pip) May 17, 2022
jhutchings1
Scrapy denial of service vulnerability High
CVE-2017-14158 was published for scrapy (pip) May 17, 2022
jhutchings1 G-Rath
ayatweb Matthew-Grayson
Regular expression denial of service in scss-tokenizer High
CVE-2022-25758 was published for scss-tokenizer (npm) Jul 2, 2022
jhutchings1 G-Rath
tomas-cerney
DLL Injection in kerberos High
CVE-2020-13110 was published for kerberos (npm) Sep 4, 2020
jhutchings1
i18n Vulnerable to Denial of Service Attack High
CVE-2014-10077 was published for i18n (RubyGems) May 14, 2022
jhutchings1
Nokogiri is vulnerable to XML External Entity (XXE) attack High
CVE-2012-6685 was published for nokogiri (RubyGems) Apr 23, 2022
jhutchings1
Numpy missing input validation High
CVE-2017-12852 was published for numpy (pip) May 13, 2022
jhutchings1
OpenPGP 1.2.0 and earlier decrypts arbitrary messages High
CVE-2015-8013 was published for openpgp (npm) May 17, 2022
jhutchings1
Prototype pollution in @strikeentco/set High
CVE-2020-28267 was published for @strikeentco/set (npm) May 24, 2022
jhutchings1
PHPMailer susceptible to arbitrary code execution High
CVE-2008-5619 was published for phpmailer/phpmailer (Composer) May 14, 2022
jhutchings1
ProTip! Advisories are also available from the GraphQL API