GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,121 advisories

Insecure Temporary File in mlflow High
CVE-2022-0736 was published for mlflow (pip) Feb 24, 2022
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set High
CVE-2010-0667 was published for moin (pip) May 2, 2022
anonymous4ACL24
Mercurial vulnerable to arbitrary code execution when converting Git repos High
CVE-2016-3105 was published for mercurial (pip) May 17, 2022
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG High
CVE-2019-11842 was published for matrix-sydent (pip) May 24, 2022
westonsteimel
Denial of service attack due to invalid JSON High
CVE-2020-26890 was published for matrix-synapse (pip) Nov 24, 2020
dkasak
Open redirect via transitional IPv6 addresses on dual-stack networks High
CVE-2021-21392 was published for matrix-synapse (pip) Apr 13, 2021
mscherer
Denial of service due to incorrect application of event authorization rules High
CVE-2022-31152 was published for matrix-synapse (pip) Aug 31, 2022
markdown-it-py Denial of Service vulnerability High
CVE-2023-26303 was published for markdown-it-py (pip) Feb 23, 2023
markdown2 Regular Expression Denial of Service High
CVE-2021-26813 was published for markdown2 (pip) Jun 2, 2021
RestrictedPython information leakage via `AttributeError.obj` and the `string` module High
CVE-2024-47532 was published for RestrictedPython (pip) Sep 30, 2024
Quasar0147 dronex7070
d-maurer
Lemur subject to insecure random generation High
CVE-2023-30797 was published for lemur (pip) Mar 1, 2023
kjsman
Duplicate Advisory: Lemur subject to insecure random generation High
GHSA-r4xg-4wrv-w72h was published for lemur (pip) Apr 19, 2023 withdrawn
mako is vulnerable to Regular Expression Denial of Service High
CVE-2022-40023 was published for mako (pip) Sep 16, 2022
mat2 before 0.13.0 allows directory traversal during the ZIP archive cleaning process. High
CVE-2022-35410 was published for mat2 (pip) Jul 12, 2022
markdown-it-py Denial of Service vulnerability in the command line interface High
CVE-2023-26302 was published for markdown-it-py (pip) Feb 23, 2023
Cross-Site Request Forgery (CSRF) in Luigi High
CVE-2018-1000843 was published for luigi (pip) Dec 20, 2018
OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks High
CVE-2020-9543 was published for manila (pip) May 24, 2022
Mailman Core vulnerable to timing attacks High
CVE-2021-34337 was published for mailman (pip) Apr 15, 2023
Mage-ai missing user authentication High
CVE-2023-31143 was published for mage-ai (pip) May 5, 2023
Improper Link Resolution Before File Access in logilab-commons High
CVE-2014-1838 was published for logilab-common (pip) May 14, 2022
LMDB invalid write High
CVE-2019-16226 was published for lmdb (pip) May 24, 2022
LIEF heap-buffer-overflow High
CVE-2021-32297 was published for lief (pip) May 24, 2022
py-lmdb Divide by Zero interruptions High
CVE-2019-16228 was published for lmdb (pip) May 24, 2022