Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,383 advisories

Loading
Mayan EDMS DMS XSS vulnerability Moderate
CVE-2022-47419 was published for mayan-edms (pip) Feb 8, 2023
Mayan EDMS multiple cross-site scripting (XSS) vulnerabilities Moderate
CVE-2014-3840 was published for mayan-edms (pip) May 17, 2022
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution Low
CVE-2023-49297 was published for PyDrive2 (pip) Dec 5, 2023
ejedev
MotionEye allows attackers to access sensitive information High
CVE-2022-25568 was published for motioneye (pip) Mar 25, 2022
Ipsilon denial of service via a duplicate SP name Moderate
CVE-2015-5217 was published for ipsilon (pip) May 17, 2022
Ipsilon denial of service by deleting a SAML2 Service Provider (SP) Moderate
CVE-2015-5301 was published for ipsilon (pip) May 17, 2022
Server-Side Request Forgery in Plone CMS High
CVE-2021-33926 was published for Plone (pip) Feb 17, 2023
safeurl-python contains Server-Side Request Forgery Moderate
CVE-2023-24622 was published for safeurl-python (pip) Jan 27, 2023
whoissecure
Koji blacklisted paths workaround High
CVE-2017-1002153 was published for koji (pip) May 13, 2022
OpenStack Glance logs user name and password in cleartext Moderate
CVE-2013-0212 was published for glance (pip) May 5, 2022
Missing rate limit on rdiffweb Critical
CVE-2022-3439 was published for rdiffweb (pip) Oct 14, 2022
Missing rate limit on rdiffweb Moderate
CVE-2022-3456 was published for rdiffweb (pip) Oct 14, 2022
Origin Validation Error in rdiffweb Critical
CVE-2022-3457 was published for rdiffweb (pip) Oct 14, 2022
rdiffweb vulnerable to Open Redirect Moderate
CVE-2022-3438 was published for rdiffweb (pip) Oct 10, 2022
rdiffweb allows a new password to be the same as the previous password Moderate
CVE-2022-3376 was published for rdiffweb (pip) Oct 6, 2022
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks High
CVE-2022-3273 was published for rdiffweb (pip) Oct 6, 2022
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks High
CVE-2022-2996 was published for python-scciclient (pip) Sep 2, 2022
Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution High
CVE-2022-36024 was published for py-cord (pip) Aug 18, 2022
NeloBlivion BobDotCom
GoLismero symlink attack Low
CVE-2012-0054 was published for golismero (pip) May 4, 2022
Buffer over-flow in Pillow High
CVE-2022-30595 was published for Pillow (pip) May 26, 2022
sunSUNQ
Libextractor multiple heap-based buffer overflows Moderate
CVE-2006-2458 was published for extractor (pip) May 1, 2022
Zope Command Execution Vulnerability High
CVE-2011-3587 was published for zope2 (pip) May 17, 2022
Galaxy cross-site scripting (XSS) Moderate
CVE-2018-1000516 was published for galaxy-app (pip) May 14, 2022
Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable High
CVE-2011-4030 was published for Plone (pip) May 17, 2022
OpenStack Swift Discloses Secret URLs to Timing Attack Moderate
CVE-2014-0006 was published for swift (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database