GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
20,099 advisories
Filter by severity
protobuf-java has potential Denial of Service issue
High
CVE-2024-7254
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Sep 19, 2024
Puma's header normalization allows for client to clobber proxy set headers
Moderate
CVE-2024-45614
was published
for
puma
(RubyGems)
Sep 20, 2024
Navidrome has Multiple SQL Injections and ORM Leak
Critical
CVE-2024-47062
was published
for
github.com/navidrome/navidrome
(Go)
Sep 20, 2024
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes
High
CVE-2024-47061
was published
for
@udecode/plate-core
(npm)
Sep 20, 2024
Prevent XSS from Confidant API call
Moderate
CVE-2024-45793
was published
for
confidant
(pip)
Sep 20, 2024
OPA for Windows has an SMB force-authentication vulnerability
Moderate
CVE-2024-8260
was published
for
github.com/open-policy-agent/opa
(Go)
Aug 30, 2024
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack
High
CVE-2023-48052
was published
for
httpie
(pip)
Nov 16, 2023
Cross-site Scripting in invenio-communities
Moderate
CVE-2019-1020005
was published
for
invenio-communities
(pip)
Jul 16, 2019
Improper Input Validation in Jupyter Notebook
Critical
CVE-2015-7337
was published
for
ipython
(pip)
May 17, 2022
Exposure of Sensitive information in httpie
Low
CVE-2022-0430
was published
for
httpie
(pip)
Mar 16, 2022
OpenStack Horizon Open redirect in workflow forms
Moderate
CVE-2020-29565
was published
for
horizon
(pip)
May 24, 2022
Improper Neutralization of Formula Elements in a CSV File in html-2-csv
Moderate
CVE-2021-23654
was published
for
html-to-csv
(pip)
Nov 30, 2021
Horizon Web Dashboard Open Redirect vulnerability
Moderate
CVE-2022-45582
was published
for
horizon
(pip)
Aug 22, 2023
GramAddict bot uses dependency with reverse tcp backdoor
High
CVE-2020-36245
was published
for
GramAddict
(pip)
May 24, 2022
graphite.composer.views.send_email vulnerable to SSRF
High
CVE-2017-18638
was published
for
graphite-web
(pip)
Oct 25, 2019
Update share links to use FRP instead of SSH tunneling
Moderate
CVE-2023-25823
was published
for
gradio
(pip)
Feb 23, 2023
HPACK Denial of Service vulnerability (HPACK Bomb)
High
CVE-2016-6581
was published
for
hpack
(pip)
Jul 5, 2019
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
Moderate
CVE-2022-23531
was published
for
guarddog
(pip)
Dec 2, 2022
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
Moderate
CVE-2022-23530
was published
for
guarddog
(pip)
Dec 5, 2022
Use of insecure temporary file in Horovod
High
CVE-2022-0315
was published
for
horovod
(pip)
Mar 29, 2022
graphite-web is vulnerable to Remote Code Execution
Critical
CVE-2013-5942
was published
for
graphite-web
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API