GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,122 advisories

Use of insecure temporary file in Horovod High
CVE-2022-0315 was published for horovod (pip) Mar 29, 2022
JamieSlome ashahab
HPACK Denial of Service vulnerability (HPACK Bomb) High
CVE-2016-6581 was published for hpack (pip) Jul 5, 2019
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
JLLeitschuh alex
orangetw
GramAddict bot uses dependency with reverse tcp backdoor High
CVE-2020-36245 was published for GramAddict (pip) May 24, 2022
Code injection in FreeIPA High
CVE-2019-14867 was published for freeipa (pip) Dec 6, 2021
Uncontrolled Resource Consumption in Indy Node High
CVE-2020-11090 was published for indy-node (pip) Jun 11, 2020
Indico Tampering with links (e.g. password reset) in sent emails High
CVE-2021-30185 was published for indico (pip) Apr 8, 2021
Regular Expression Denial of Service (REDoS) in httplib2 High
CVE-2021-21240 was published for httplib2 (pip) Feb 8, 2021
b-c-ds
Exposure of sensitive information to an unauthorized actor in HyperKitty High
CVE-2021-33038 was published for HyperKitty (pip) Jun 1, 2021
westonsteimel
IPython Notebook vulnerable to improper validation of the origin of websocket requests High
CVE-2014-3429 was published for ipython (pip) May 14, 2022
JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form> High
CVE-2021-32797 was published for jupyterlab (pip) Aug 23, 2021
0xDeva
Refuel Autolab Eval Injection vulnerability High
CVE-2024-27320 was published for refuel-autolabel (pip) Sep 12, 2024
Matrix Synapse Predictable Secret Key High
CVE-2019-5885 was published for matrix-synapse (pip) May 13, 2022
Sydent vulnerable to denial of service attack via memory exhaustion High
CVE-2021-29430 was published for matrix-sydent (pip) Apr 19, 2021
Path traversal in Matrix Synapse High
CVE-2021-41281 was published for matrix-synapse (pip) Nov 23, 2021
Improper Verification of Cryptographic Signature in matrix-synapse High
CVE-2019-18835 was published for matrix-synapse (pip) May 24, 2022
westonsteimel
python-multipart vulnerable to Content-Type Header ReDoS High
CVE-2024-24762 was published for python-multipart (pip) Feb 12, 2024
nicecatch2000 Kludex
amita-seal
Denial of service attack via incorrect parameters in Matrix Synapse High
CVE-2020-26257 was published for matrix-synapse (pip) Dec 9, 2020
Incorrect Privilege Assignment in Jinja2 High
CVE-2014-1402 was published for Jinja2 (pip) May 14, 2022
Improper Input Validation in kdcproxy High
CVE-2015-5159 was published for kdcproxy (pip) Nov 1, 2018
Synapse does not apply enough checks to servers requesting auth events of events in a room High
CVE-2022-39335 was published for matrix-synapse (pip) May 24, 2023
Execution with Unnecessary Privileges in JupyterApp High
CVE-2022-39286 was published for jupyter-core (pip) Oct 26, 2022
mechanize Regular Expression Denial of Service vulnerability High
CVE-2021-32837 was published for mechanize (pip) Jan 18, 2023
Mercurial arbitrary code execution via a crafted git ext:: URL High
CVE-2016-3068 was published for mercurial (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API