GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Multiple cross-site scripting (XSS) vulnerabilities in Roundup
Moderate
CVE-2012-6133
was published
for
roundup
(pip)
Apr 23, 2022
simplejson before 2.6.1 vulnerable to array index error
Moderate
CVE-2014-4616
was published
for
simplejson
(pip)
May 14, 2022
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10
Critical
CVE-2019-10844
was published
for
nnabla
(pip)
May 13, 2022
Open Redirect in Apache Superset
Moderate
CVE-2021-28125
was published
for
apache-superset
(pip)
Oct 6, 2021
Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Critical
CVE-2020-12889
was published
for
MISP-maltego
(pip)
May 24, 2022
snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)
Moderate
CVE-2022-42965
was published
for
snowflake-connector-python
(pip)
Nov 10, 2022
Potential memory corruption in arrayfire
Critical
CVE-2018-20998
was published
for
arrayfire
(pip)
Aug 25, 2021
archivy is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4162
was published
for
archivy
(pip)
Jan 6, 2022
Exposure of sensitive information to an unauthorized actor in HyperKitty
High
CVE-2021-33038
was published
for
HyperKitty
(pip)
Jun 1, 2021
Improper Verification of Cryptographic Signature in matrix-synapse
High
CVE-2019-18835
was published
for
matrix-synapse
(pip)
May 24, 2022
Cross-site scripting in markdown2 for python
Moderate
CVE-2009-3724
was published
for
markdown2
(pip)
Apr 21, 2022
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
High
CVE-2019-11842
was published
for
matrix-sydent
(pip)
May 24, 2022
openapi-python-client Arbitrary Code Generation vulnerability
High
CVE-2020-15142
was published
for
openapi-python-client
(pip)
Aug 20, 2020
Unsafe pyyaml load usage in PyAnyAPI
Critical
CVE-2017-16616
was published
for
pyanyapi
(pip)
May 13, 2022
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder
Moderate
CVE-2024-24826
was published
for
exiv2
(pip)
Oct 17, 2024
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Moderate
CVE-2024-25112
was published
for
exiv2
(pip)
Oct 17, 2024
Pyspark User Impersonation Vulnerability
Moderate
CVE-2018-11760
was published
for
pyspark
(pip)
Feb 7, 2019
django-anymail Includes Sensitive Information in Log Files
Critical
CVE-2018-1000089
was published
for
django-anymail
(pip)
May 14, 2022
Twisted vulnerable to NameVirtualHost Host header injection
Moderate
CVE-2022-39348
was published
for
twisted
(pip)
Oct 26, 2022
ProTip!
Advisories are also available from the
GraphQL API