Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

169 advisories

Arbitrary system path lookup in h20 Moderate
CVE-2024-5550 was published for h2o (pip) Jun 6, 2024
Jupyter server on Windows discloses Windows user password hash High
CVE-2024-35178 was published for jupyter_server (pip) Jun 6, 2024
nvn1729
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints Moderate
CVE-2024-35189 was published for ethyca-fides (pip) Jun 2, 2024
adamsachs
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Carreau
andrii-i dlqqq yuvipanda
XML External Entity (XXE) in Django Moderate
CVE-2013-1665 was published for Django (pip) May 17, 2022
MarkLee131
Scrapy leaks the authorization header on same-domain but cross-origin redirects Moderate
CVE-2024-1968 was published for Scrapy (pip) May 14, 2024
Szarny
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects High
GHSA-cg34-w3fm-82h3 was published for scrapy (pip) May 20, 2024 withdrawn
Django Reuses Cached CSRF Token Moderate
CVE-2014-0473 was published for django (pip) May 17, 2022
MarkLee131
Django data leakage via querystring manipulation in admin Low
CVE-2014-0483 was published for Django (pip) May 14, 2022
MarkLee131
OpenStack Glance is vulnerable to Exposure of Sensitive Information Low
CVE-2013-1840 was published for glance (pip) May 17, 2022
OpenStack Nova Information leak in libvirt LVM-backed instances Moderate
CVE-2012-5625 was published for nova (pip) May 17, 2022
OpenStack Nova Router metadata queries are not restricted by tenant Moderate
CVE-2013-6419 was published for nova (pip) May 17, 2022
OpenStack Nova Live migration can leak root disk into ephemeral storage High
CVE-2013-7130 was published for nova (pip) May 17, 2022
OpenStack Cinder file disclosure in image convert Moderate
CVE-2015-1851 was published for cinder (pip) May 17, 2022
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots Low
CVE-2013-4183 was published for cinder (pip) May 17, 2022
OpenStack Oslo utility sensitive information exposure via log files Low
CVE-2014-7231 was published for oslo.utils (pip) May 14, 2022
OpenStack Keystone Sensitive information disclosure via log files Low
CVE-2013-2006 was published for keystone (pip) May 17, 2022
OpenStack Nova host data leak to vm instance in rescue mode Low
CVE-2014-0134 was published for nova (pip) May 17, 2022
OpenStack Nova host data access through resize/migration Moderate
CVE-2016-2140 was published for nova (pip) May 14, 2022
OpenStack Nova Potential Xen connection password leak via StorageError Moderate
CVE-2015-8749 was published for nova (pip) May 14, 2022
OpenStack Identity Keystone Exposure of Sensitive Information Moderate
CVE-2014-3621 was published for keystone (pip) May 13, 2022
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2016-4985 was published for ironic (pip) May 13, 2022
Openstack nova qcow format could expose host filesystem information Low
CVE-2011-3147 was published for nova (pip) Apr 22, 2022
OpenStack Nova can leak consoleauth token into log files Low
CVE-2015-9543 was published for Nova (pip) May 24, 2022
OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2011-4076 was published for nova (pip) Apr 22, 2022
ProTip! Advisories are also available from the GraphQL API