Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

20,162 advisories

Loading
Improper Input Validation in Buildah and Podman Moderate
CVE-2024-9407 was published for github.com/containers/buildah (Go) Oct 1, 2024
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability High
CVE-2024-9355 was published for github.com/golang-fips/openssl/v2 (Go) Oct 1, 2024
Link Following in github.com/containers/common Moderate
CVE-2024-9341 was published for github.com/containers/common (Go) Oct 1, 2024
Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability Moderate
CVE-2024-8996 was published for github.com/grafana/agent (Go) Sep 25, 2024
Grafana Alloy on Windows has Unquoted Search Path or Element vulnerability Moderate
CVE-2024-8975 was published for github.com/grafana/alloy (Go) Sep 25, 2024
Tonic has remotely exploitable denial of service vulnerability Moderate
CVE-2024-47609 was published for tonic (Rust) Oct 1, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload Low
CVE-2024-47528 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature Moderate
CVE-2024-47527 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name High
CVE-2024-47524 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature Moderate
CVE-2024-47523 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature Low
CVE-2024-47526 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature Moderate
CVE-2024-47525 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
CRLF Injection in RestSharp's `RestRequest.AddHeader` method Moderate
CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024
sofiaml Static-Flow
Base class whitelist configuration ignored in OAuthenticator High
CVE-2020-26250 was published for oauthenticator (pip) Dec 1, 2020
Special Element Injection in notebook High
CVE-2021-32798 was published for notebook (pip) Aug 23, 2021
0xDeva
Numpy arbitrary file write via symlink attack High
CVE-2014-1859 was published for numpy (pip) May 14, 2022
jhutchings1
OAuth2 client ID and secret exposed through the web browser High
CVE-2024-9014 was published for pgadmin4 (pip) Sep 23, 2024
m3t3kh4n
Arbitrary file overwrite in OpenStack Nova High
CVE-2012-3447 was published for nova (pip) May 17, 2022
MoinMoin Cross-site Scripting (XSS) vulnerability Moderate
CVE-2016-7148 was published for moin (pip) May 17, 2022
Stored XSS in Jupyter nbdime Moderate
CVE-2021-41134 was published for nbdime (npm) Nov 8, 2021
Insufficient Protection against HTTP Request Smuggling in mitmproxy Critical
CVE-2022-24766 was published for mitmproxy (pip) Mar 22, 2022
zeyu2001
Mitmweb in mitmproxy allows DNS Rebinding attacks Critical
CVE-2018-14505 was published for mitmproxy (pip) Jul 31, 2018
MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form High
CVE-2023-34457 was published for MechanicalSoup (pip) Jul 5, 2023
e-c-d
modoboa Cross-site Scripting vulnerability Critical
CVE-2023-5688 was published for modoboa (pip) Oct 20, 2023
modoboa Cross-site Scripting vulnerability High
CVE-2023-5689 was published for modoboa (pip) Oct 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database