GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,120 advisories
Cross-Site Request Forgery (CSRF) in Luigi
High • CVE-2018-1000843 was published for luigi (pip) Dec 20, 2018

markdown-it-py Denial of Service vulnerability in the command line interface
High • CVE-2023-26302 was published for markdown-it-py (pip) Feb 23, 2023

mat2 before 0.13.0 allows directory traversal during the ZIP archive cleaning process.
High • CVE-2022-35410 was published for mat2 (pip) Jul 12, 2022

mako is vulnerable to Regular Expression Denial of Service
High • CVE-2022-40023 was published for mako (pip) Sep 16, 2022

Duplicate Advisory: Lemur subject to insecure random generation
High • GHSA-r4xg-4wrv-w72h was published for lemur (pip) Apr 19, 2023 • withdrawn

Lemur subject to insecure random generation
High • CVE-2023-30797 was published for lemur (pip) Mar 1, 2023

RestrictedPython information leakage via `AttributeError.obj` and the `string` module
High • CVE-2024-47532 was published for RestrictedPython (pip) Sep 30, 2024

markdown2 Regular Expression Denial of Service
High • CVE-2021-26813 was published for markdown2 (pip) Jun 2, 2021

markdown-it-py Denial of Service vulnerability
High • CVE-2023-26303 was published for markdown-it-py (pip) Feb 23, 2023

Synapse Denial of service due to incorrect application of event authorization rules during state resolution
High • CVE-2022-39374 was published for matrix-synapse (pip) May 24, 2023

Denial of service due to incorrect application of event authorization rules
High • CVE-2022-31152 was published for matrix-synapse (pip) Aug 31, 2022

Open redirect via transitional IPv6 addresses on dual-stack networks
High • CVE-2021-21392 was published for matrix-synapse (pip) Apr 13, 2021

URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
High • CVE-2022-31052 was published for matrix-synapse (pip) Jun 29, 2022

Denial of service attack due to invalid JSON
High • CVE-2020-26890 was published for matrix-synapse (pip) Nov 24, 2020

matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
High • CVE-2019-11842 was published for matrix-sydent (pip) May 24, 2022

Mercurial vulnerable to arbitrary code execution when converting Git repos
High • CVE-2016-3105 was published for mercurial (pip) May 17, 2022

MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set
High • CVE-2010-0667 was published for moin (pip) May 2, 2022

Mercurial has Incorrect Permission Assignment for Critical Resource
High • CVE-2017-9462 was published for mercurial (pip) Jul 13, 2018