GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
159 advisories
Filter by severity
Maliciously Crafted Model Archive Can Lead To Arbitrary File Write
High
CVE-2021-41127
was published
for
rasa
(pip)
Oct 22, 2021
Improper Input Validation in python-dbusmock
High
CVE-2015-1326
was published
for
python-dbusmock
(pip)
Apr 23, 2019
Uncontrolled Resource Consumption in Pillow
High
CVE-2021-28677
was published
for
Pillow
(pip)
Jun 8, 2021
Pygments vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2021-27291
was published
for
Pygments
(pip)
Mar 29, 2021
Pipenv's requirements.txt parsing allows malicious index url in comments
High
CVE-2022-21668
was published
for
pipenv
(pip)
Jan 12, 2022
Gradio has a race condition in update_root_in_config may redirect user traffic
High
CVE-2024-47870
was published
for
gradio
(pip)
Oct 10, 2024
Gradio lacks integrity checking on the downloaded FRP client
High
CVE-2024-47867
was published
for
gradio
(pip)
Oct 10, 2024
Gradios's CORS origin validation is not performed when the request has a cookie
High
CVE-2024-47084
was published
for
gradio
(pip)
Oct 10, 2024
Yelp OSXCollector Improper Certificate Validation
High
CVE-2018-10406
was published
for
osxcollector
(pip)
May 13, 2022
openapi-python-client Arbitrary Code Generation vulnerability
High
CVE-2020-15142
was published
for
openapi-python-client
(pip)
Aug 20, 2020
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
High
CVE-2023-41047
was published
for
OctoPrint
(pip)
Oct 10, 2023
pretix Stored Cross-site Scripting vulnerability
High
CVE-2024-8113
was published
for
pretix
(pip)
Aug 23, 2024
MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
High
CVE-2023-34457
was published
for
MechanicalSoup
(pip)
Jul 5, 2023
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
High
CVE-2022-31052
was published
for
matrix-synapse
(pip)
Jun 29, 2022
Synapse Denial of service due to incorrect application of event authorization rules during state resolution
High
CVE-2022-39374
was published
for
matrix-synapse
(pip)
May 24, 2023
markdown2 Regular Expression Denial of Service
High
CVE-2021-26813
was published
for
markdown2
(pip)
Jun 2, 2021
OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context
High
CVE-2020-12689
was published
for
keystone
(pip)
May 24, 2022
Jupyter Notebook file bypasses sanitization, executes JavaScript
High
CVE-2018-8768
was published
for
notebook
(pip)
Jul 12, 2018
OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
High
CVE-2020-12691
was published
for
keystone
(pip)
May 24, 2022
Openstack ironic-inspector has SQL injection vulnerability in node_cache
High
CVE-2019-10141
was published
for
ironic-inspector
(pip)
May 24, 2022
Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize)
High
CVE-2021-43854
was published
for
nltk
(pip)
Jan 6, 2022
Nautobot vulnerable to remote code execution via Jinja2 template rendering
High
CVE-2023-25657
was published
for
nautobot
(pip)
Feb 22, 2023
mindsdb arbitrary file write when extracting a remotely retrieved Tarball
High
CVE-2023-30620
was published
for
mindsdb
(pip)
Mar 30, 2023
ProTip!
Advisories are also available from the
GraphQL API