Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,339
Erlang
31
GitHub Actions
22
Go
2,099
Maven
5,000+
npm
3,763
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
883
Swift
37
Unreviewed advisories
All unreviewed
5,000+

1,329 advisories

Loading
upydev has weak encryption padding High
CVE-2023-48051 was published for upydev (pip) Nov 21, 2023
vantage6-server node accepts non-whitelisted algorithms from malicious server High
CVE-2023-47631 was published for vantage6-node (pip) Nov 14, 2023
incorrect storage layout for contracts containing large arrays High
CVE-2023-46247 was published for vyper (pip) Dec 13, 2023
Vyper vulnerable to memory corruption in certain builtins utilizing `msize` High
CVE-2023-42443 was published for vyper (pip) Sep 20, 2023
trocher
XBlock vulnerable to Cross-Site Scripting (XSS) High
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022
Apache Doris hardcoded key and IV High
CVE-2022-23942 was published for pydoris (pip) Apr 27, 2022
Local Privilege Escalation in Windows High
CVE-2023-49797 was published for pyinstaller (pip) Dec 9, 2023
MotionEye allows attackers to access sensitive information High
CVE-2022-25568 was published for motioneye (pip) Mar 25, 2022
Koji blacklisted paths workaround High
CVE-2017-1002153 was published for koji (pip) May 13, 2022
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks High
CVE-2022-3273 was published for rdiffweb (pip) Oct 6, 2022
Zope Command Execution Vulnerability High
CVE-2011-3587 was published for zope2 (pip) May 17, 2022
Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable High
CVE-2011-4030 was published for Plone (pip) May 17, 2022
ADMesh improper array index validation High
CVE-2022-38072 was published for admesh (pip) Apr 3, 2023
Gentoo Portage does not verify X.509 certificates from SSL servers High
CVE-2013-2100 was published for portage (pip) May 17, 2022
PaddlePaddle heap buffer overflow in paddle.repeat_interleave High
CVE-2023-52309 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle stack overflow in paddle.linalg.lu_unpack High
CVE-2023-52307 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle stack overflow in paddle.searchsorted High
CVE-2023-52304 was published for PaddlePaddle (pip) Jan 3, 2024
JupyterHub OAuthenticator elevation of privilege High
CVE-2018-7206 was published for oauthenticator (pip) May 13, 2022
jhutchings1
Modoboa is vulnerable to an XML External Entity Injection (XXE) High
CVE-2019-19702 was published for modoboa-dmarc (pip) May 24, 2022
GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182 High
CVE-2023-50731 was published for mindsdb (pip) Dec 15, 2023
sylwia-budzynska
Jinja2 template injection in mlflow High
CVE-2023-6709 was published for mlflow (pip) Dec 12, 2023
Cross-site Scripting potential in custom links, job buttons, and computed fields High
CVE-2023-48705 was published for nautobot (pip) Nov 22, 2023
mlflow vulnerable to OS Command Injection High
CVE-2023-4033 was published for mlflow (pip) Aug 1, 2023
Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task High
CVE-2023-47117 was published for label-studio (pip) Nov 14, 2023
alex-elttam
Cross-site Scripting Vulnerability on Avatar Upload High
CVE-2023-47115 was published for label-studio (pip) Jan 24, 2024
alex-elttam
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database