GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,122 advisories
Use of insecure temporary file in Horovod
High: CVE-2022-0315 was published for horovod (pip), Mar 29, 2022

HPACK Denial of Service vulnerability (HPACK Bomb)
High: CVE-2016-6581 was published for hpack (pip), Jul 5, 2019

graphite.composer.views.send_email vulnerable to SSRF
High: CVE-2017-18638 was published for graphite-web (pip), Oct 25, 2019

GramAddict bot uses dependency with reverse tcp backdoor
High: CVE-2020-36245 was published for GramAddict (pip), May 24, 2022

HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack
High: CVE-2023-48052 was published for httpie (pip), Nov 16, 2023

Uncontrolled Resource Consumption in Indy Node
High: CVE-2020-11090 was published for indy-node (pip), Jun 11, 2020

Indico Tampering with links (e.g. password reset) in sent emails
High: CVE-2021-30185 was published for indico (pip), Apr 8, 2021

Regular Expression Denial of Service (REDoS) in httplib2
High: CVE-2021-21240 was published for httplib2 (pip), Feb 8, 2021

Exposure of sensitive information to an unauthorized actor in HyperKitty
High: CVE-2021-33038 was published for HyperKitty (pip), Jun 1, 2021

IPython Notebook vulnerable to improper validation of the origin of websocket requests
High: CVE-2014-3429 was published for ipython (pip), May 14, 2022

JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
High: CVE-2021-32797 was published for jupyterlab (pip), Aug 23, 2021

Refuel Autolab Eval Injection vulnerability
High: CVE-2024-27320 was published for refuel-autolabel (pip), Sep 12, 2024

Matrix Synapse Predictable Secret Key
High: CVE-2019-5885 was published for matrix-synapse (pip), May 13, 2022

Sydent vulnerable to denial of service attack via memory exhaustion
High: CVE-2021-29430 was published for matrix-sydent (pip), Apr 19, 2021

Path traversal in Matrix Synapse
High: CVE-2021-41281 was published for matrix-synapse (pip), Nov 23, 2021

Improper Verification of Cryptographic Signature in matrix-synapse
High: CVE-2019-18835 was published for matrix-synapse (pip), May 24, 2022

python-multipart vulnerable to Content-Type Header ReDoS
High: CVE-2024-24762 was published for python-multipart (pip), Feb 12, 2024

Denial of service attack via incorrect parameters in Matrix Synapse
High: CVE-2020-26257 was published for matrix-synapse (pip), Dec 9, 2020

Incorrect Privilege Assignment in Jinja2
High: CVE-2014-1402 was published for Jinja2 (pip), May 14, 2022

Improper Input Validation in kdcproxy
High: CVE-2015-5159 was published for kdcproxy (pip), Nov 1, 2018

Synapse does not apply enough checks to servers requesting auth events of events in a room
High: CVE-2022-39335 was published for matrix-synapse (pip), May 24, 2023

Execution with Unnecessary Privileges in JupyterApp
High: CVE-2022-39286 was published for jupyter-core (pip), Oct 26, 2022

mechanize Regular Expression Denial of Service vulnerability
High: CVE-2021-32837 was published for mechanize (pip), Jan 18, 2023

Mercurial arbitrary code execution via a crafted git ext:: URL
High: CVE-2016-3068 was published for mercurial (pip), May 14, 2022

ProTip! Advisories are also available from the GraphQL API.