GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,028 advisories
Filter by severity
DataEase's H2 datasource has a remote command execution risk
Critical
CVE-2024-46997
was published
for
io.dataease:common
(Maven)
Sep 23, 2024
joblib vulnerable to arbitrary code execution
Critical
CVE-2022-21797
was published
for
joblib
(pip)
Sep 27, 2022
Improper Input Validation in httpx
Critical
CVE-2021-41945
was published
for
httpx
(pip)
Apr 29, 2022
ipycache is vulnerable to Code Injection
Critical
CVE-2019-7539
was published
for
ipycache
(pip)
Mar 25, 2019
Navidrome has Multiple SQL Injections and ORM Leak
Critical
CVE-2024-47062
was published
for
github.com/navidrome/navidrome
(Go)
Sep 20, 2024
Improper Input Validation in Jupyter Notebook
Critical
CVE-2015-7337
was published
for
ipython
(pip)
May 17, 2022
graphite-web is vulnerable to Remote Code Execution
Critical
CVE-2013-5942
was published
for
graphite-web
(pip)
May 17, 2022
graphite-web is vulnerable to Remote Code Execution via renderLocalView function
Critical
CVE-2013-5093
was published
for
graphite-web
(pip)
May 17, 2022
Ganga allows absolute path traversal
Critical
CVE-2022-31507
was published
for
ganga
(pip)
Jul 13, 2022
git-big-picture Code Execution
Critical
CVE-2021-3028
was published
for
git-big-picture
(pip)
May 24, 2022
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical
CVE-2023-40267
was published
for
GitPython
(pip)
Aug 11, 2023
Gerapy may cause remote code execution
Critical
CVE-2021-43857
was published
for
gerapy
(pip)
Jan 6, 2022
Dulwich Buffer Overflow when handling pack files
Critical
CVE-2015-0838
was published
for
dulwich
(pip)
May 17, 2022
Dulwich Arbitrary code execution via commit with directory path starting with .git
Critical
CVE-2014-9706
was published
for
dulwich
(pip)
May 17, 2022
XML External Entity vulnerability in Easy-XML
Critical
CVE-2020-26705
was published
for
easy-xml
(pip)
Nov 1, 2021
GitHub personal access token leaking into temporary EasyBuild (debug) logs
Critical
CVE-2020-5262
was published
for
easybuild-framework
(pip)
Mar 19, 2020
Eve allows execution of arbitrary code
Critical
CVE-2018-8097
was published
for
eve
(pip)
Jul 12, 2018
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
Critical
CVE-2020-10594
was published
for
drf-jwt
(pip)
Jun 5, 2020
ReviewBoard and Djblets library are vulnerable to code execution
Critical
CVE-2013-4409
was published
for
ReviewBoard
(pip)
May 5, 2022
Improper Verification of Cryptographic Signature in Pure-Python ECDSA
Critical
CVE-2019-14859
was published
for
ecdsa
(pip)
Apr 1, 2020
Donfig Command Injection in collect_yaml method
Critical
CVE-2019-7537
was published
for
donfig
(pip)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API