Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

131 advisories

Loading
Local API Login Credentials Disclosure in paratrooper-pingdom Low
CVE-2014-1233 was published for paratrooper-pingdom (RubyGems) Oct 24, 2017
Incorrect Permission Assignment for Critical Resource in Apache hive Low
CVE-2018-1315 was published for org.apache.hive:hive (Maven) Nov 21, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive Low
CVE-2018-1284 was published for org.apache.hive:hive (Maven) Nov 21, 2018
MarkLee131
SSL Validation Defaults to False in electron-packager Low
CVE-2016-10534 was published for electron-packager (npm) Feb 18, 2019
Malicious URL drafting attack against iodines static file server may allow path traversal Low
CVE-2024-22050 was published for iodine (RubyGems) Oct 7, 2019
Log injection in SimpleSAMLphp Low
CVE-2020-5225 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
Link injection in SimpleSAMLphp Low
GHSA-2r3v-q9x3-7g46 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
hyp3rlinx
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used Low
GHSA-mr6r-mvw4-736g was published for vyper (pip) Mar 25, 2020
montyly
Cross-site Scripting in October Low
CVE-2020-4061 was published for october/backend (Composer) Jul 2, 2020
tomaszstrojny
Path Traversal in openapi-python-client Low
CVE-2020-15141 was published for openapi-python-client (pip) Aug 20, 2020
pawamoy emann
Command Injection in ascii-art Low
GHSA-9hqj-38j2-5jgm was published for ascii-art (npm) Sep 1, 2020
Prototype Pollution in @hapi/hoek Low
GHSA-22h7-7wwg-qmgg was published for @hapi/hoek (npm) Sep 4, 2020
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request Low
CVE-2020-15239 was published for xmpp-http-upload (pip) Oct 6, 2020
ChristianTacke
Memory exhaustion in http4s-async-http-client with large or malicious compressed responses Low
GHSA-8hxh-r6f7-jf45 was published for org.http4s:http4s-async-http-client_2.12 (Maven) Oct 16, 2020
leonardosantosklarna ashwinbhaskar
Open redirect in Jupyter Notebook Low
CVE-2020-26215 was published for notebook (pip) Nov 18, 2020
`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware) Low
CVE-2021-21330 was published for aiohttp (pip) Feb 26, 2021
jelmer g147
User content sandbox can be confused into opening arbitrary documents Low
CVE-2021-21320 was published for matrix-react-sdk (npm) Mar 3, 2021
keerok
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService Low
CVE-2021-21337 was published for Products.PluggableAuthService (pip) Mar 8, 2021
jugmac00 xoffense
CSRF Vuln can expose user's QRcode Low
GHSA-fxq4-r6mr-9x64 was published for Flask-Security-Too (pip) Apr 8, 2021
Local directory executable lookup in sops (Windows-only) Low
GHSA-x5c7-x7m2-rhmf was published for go.mozilla.org/sops/v3 (Go) May 20, 2021
Ry0taK
Division by zero in `Conv3D` Low
CVE-2021-29517 was published for tensorflow (pip) May 21, 2021
OOB read in `MatrixTriangularSolve` Low
CVE-2021-29551 was published for tensorflow (pip) May 21, 2021
Crash due to malformed relay protocol message Low
CVE-2021-21404 was published for github.com/syncthing/syncthing (Go) May 21, 2021
Improper Sanitizing of plugin names in helm Low
CVE-2020-15186 was published for helm.sh/helm (Go) May 24, 2021
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build Low
GHSA-jcgr-9698-82jx was published for @floffah/build (npm) May 28, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database