GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,995 advisories
Filter by severity
Request smuggling leading to endpoint restriction bypass in Gunicorn
High
CVE-2024-1135
was published
for
gunicorn
(pip)
Apr 16, 2024
XML External Entity (XXE) in Django
Moderate
CVE-2013-1665
was published
for
Django
(pip)
May 17, 2022
RunGptLLM class in LlamaIndex has a command injection
High
CVE-2024-4181
was published
for
llama-index
(pip)
May 16, 2024
Openstack Aodh can be used to launder Keystone trusts
High
CVE-2017-12440
was published
for
aodh
(pip)
May 13, 2022
OpenStack Identity (Keystone) Denial of Service
Moderate
CVE-2013-2014
was published
for
keystone
(pip)
May 13, 2022
OpenStack Nova Denial of service attack on the compute host
High
CVE-2017-18191
was published
for
nova
(pip)
May 13, 2022
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Moderate
CVE-2007-0857
was published
for
moin
(pip)
May 1, 2022
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
Moderate
CVE-2024-32077
was published
for
apache-airflow
(pip)
May 14, 2024
OpenStack Glance Server-Side Request Forgery (SSRF)
Moderate
CVE-2017-7200
was published
for
glance
(pip)
May 17, 2022
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Moderate
CVE-2022-30187
was published
for
Azure.Storage.Blobs
(Maven)
Jul 13, 2022
jupyter-scheduler's endpoint is missing authentication
Moderate
CVE-2024-28188
was published
for
jupyter-scheduler
(pip)
May 23, 2024
vantage6 collaboration admins can extend their influence by expanding the collaboration
Low
CVE-2024-32969
was published
for
vantage6
(pip)
May 22, 2024
glance-store logs s3 access keys
Moderate
CVE-2024-1141
was published
for
glance-store
(pip)
Feb 1, 2024
NASA AIT-Core uses unencrypted channels to exchange data over the network
High
CVE-2024-35061
was published
for
ait-core
(pip)
May 21, 2024
Django Regex Algorithmic Complexity Causes Denial of Service
Moderate
CVE-2009-3695
was published
for
Django
(pip)
May 2, 2022
DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value
Moderate
CVE-2023-6681
was published
for
jwcrypto
(pip)
Dec 28, 2023
Ansible-core information disclosure flaw
Moderate
CVE-2024-0690
was published
for
ansible-core
(pip)
Feb 6, 2024
NASA AIT-Core vulnerable to remote code execution
Critical
CVE-2024-35059
was published
for
ait-core
(pip)
May 21, 2024
Django vulnerable to Denial of Service via i18n middleware component
Low
CVE-2007-5712
was published
for
Django
(pip)
May 1, 2022
Django Cross-site scripting (XSS) vulnerability
Moderate
CVE-2008-2302
was published
for
django
(pip)
May 1, 2022
Django cross-site request forgery (CSRF) vulnerability
Moderate
CVE-2008-3909
was published
for
django
(pip)
May 2, 2022
Improper query string handling in Django
Moderate
CVE-2010-4534
was published
for
django
(pip)
Jul 23, 2018
ProTip!
Advisories are also available from the
GraphQL API