GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
20,342 advisories
Exposure of Resource to Wrong Sphere in salt
Severity: High. CVE-2021-21996 was published for salt (pip) Nov 21, 2021

SaltStack Salt Improper Authentication via Man in the Middle Attack
Severity: Low. CVE-2022-22935 was published for salt (pip) Mar 30, 2022

SaltStack Salt Denial of Service via a crafted authentication request
Severity: High. CVE-2017-14696 was published for salt (pip) May 17, 2022

SaltStack Salt Authentication Bypass by Capture-replay
Severity: High. CVE-2022-22936 was published for salt (pip) Mar 30, 2022

SaltStack Salt Allows creating certificates with weak file permissions
Severity: Moderate. CVE-2020-17490 was published for salt (pip) May 24, 2022

SaltStack Salt Command Injection in netapi ssh client
Severity: Critical. CVE-2020-16846 was published for salt (pip) May 24, 2022

SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
Severity: Critical. CVE-2020-25592 was published for salt (pip) May 24, 2022

SaltStack Salt is vulnerable to command injection
Severity: Critical. CVE-2019-17361 was published for salt (pip) May 24, 2022

Memory leaks in code encrypting and verifying RSA payloads
Severity: High. CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024

Exposure of Sensitive Information to an Unauthorized Actor in Requests
Severity: Moderate. CVE-2014-1830 was published for requests (pip) May 14, 2022

Roundup Cross-site Scripting (XSS) vulnerability
Severity: Moderate. CVE-2012-6132 was published for roundup (pip) May 17, 2022

Roundup Cross-site scripting (XSS) vulnerability
Severity: Moderate. CVE-2012-6131 was published for roundup (pip) May 17, 2022

Salt uses weak permissions on the cache data
Severity: Low. CVE-2015-8034 was published for salt (pip) May 17, 2022

Python-RSA decryption of ciphertext leads to DoS
Severity: High. CVE-2020-13757 was published for rsa (pip) Mar 24, 2021

Python RSA allows attackers to spoof signatures
Severity: Moderate. CVE-2016-1494 was published for rsa (pip) May 14, 2022

Restkit Does Not Validate TLS certificates
Severity: Moderate. CVE-2015-2674 was published for restkit (pip) May 17, 2022

salt password information leaked in debug logs
Severity: Critical. CVE-2015-6941 was published for salt (pip) May 17, 2022

Salt improper handling of tmp files
Severity: Moderate. CVE-2015-1838 was published for salt (pip) May 17, 2022

Moderate severity vulnerability that affects roundup
Severity: Moderate. CVE-2019-10904 was published for roundup (pip) Apr 9, 2019

SQL injection in funadmin
Severity: High. CVE-2024-48231 was published for funadmin/funadmin (Composer) Oct 21, 2024

Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Severity: Moderate. CVE-2024-47825 was published for github.com/cilium/cilium (Go) Oct 21, 2024

Absolute path traversal vulnerability in digdag server
Severity: Moderate. CVE-2024-25125 was published for io.digdag:digdag-server (Maven) Feb 14, 2024

Samly access control vulnerability
Severity: Critical. CVE-2024-25718 was published for Samly (Erlang) Feb 11, 2024

SaltStack has insecure /tmp file handling in salt/modules/chef.py
Severity: Moderate. CVE-2015-1839 was published for salt (pip) May 17, 2022