GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,454
Erlang: 33
GitHub Actions: 22
Go: 2,153
Maven: 5,000+
npm: 3,818
NuGet: 693
pip: 3,492
Pub: 12
RubyGems: 902
Rust: 903
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
124,973 advisories
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36...
Moderate, Unreviewed, CVE-2024-26276 was published Apr 9, 2024

Cross-Site Request Forgery in Anchor CMS
Moderate, CVE-2024-29338 was published for anchorcms/anchor-cms (Composer) Mar 22, 2024

registry-support: decompress can delete files outside scope via relative paths
Moderate, CVE-2024-1485 was published for github.com/devfile/registry-support/registry-library (Go) Feb 14, 2024

Mattermost Jira Plugin does not properly check security levels
Moderate, CVE-2024-24774 was published for github.com/mattermost/mattermost-plugin-jira (Go) Feb 9, 2024

Infinispan caches credentials in clear text
Moderate, CVE-2023-5384 was published for org.infinispan:infinispan-cachestore-jdbc (Maven) Dec 28, 2023

A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE...
Moderate, Unreviewed, CVE-2023-44321 was published Nov 14, 2023

In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC...
Moderate, Unreviewed, CVE-2023-24477 was published Aug 9, 2023

Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Moderate, CVE-2023-34110 was published for Flask-AppBuilder (pip) Jun 22, 2023

Insufficient validation when decoding a Socket.IO packet
Moderate, CVE-2023-32695 was published for socket.io-parser (npm) May 23, 2023

A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an...
Moderate, Unreviewed, CVE-2023-0651 was published Feb 2, 2023

JSZip contains Path Traversal via loadAsync
Moderate, CVE-2022-48285 was published for jszip (npm) Jan 29, 2023

Exposure of Sensitive information in httpie
Moderate, CVE-2022-0430 was published for httpie (pip) Mar 16, 2022

Improper Authorization in cobbler
Moderate, CVE-2022-0860 was published for cobbler (pip) Mar 11, 2022

Potential bypass of an upstream access control based on URL paths in Django
Moderate, CVE-2021-44420 was published for Django (pip) Dec 9, 2021

JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
Moderate, CVE-2021-32797 was published for jupyterlab (pip) Aug 23, 2021

Potential Denial-of-Service in bindata
Moderate, CVE-2021-32823 was published for bindata (RubyGems) Jun 23, 2021

Reflected cross-site scripting issue in Datasette
Moderate, CVE-2021-32670 was published for datasette (pip) Jun 7, 2021

Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
Moderate, CVE-2020-10684 was published for ansible (pip) Apr 7, 2021

Incorrect Permission Assignment for Critical Resource in Ansible
Moderate, CVE-2020-1736 was published for ansible (pip) Feb 9, 2022

Improper Verification of Cryptographic Signature in ansible
Moderate, CVE-2020-14365 was published for ansible (pip) Apr 20, 2021

Django Incorrect Default Permissions
Moderate, CVE-2020-24584 was published for django (pip) Mar 18, 2021

Timing attack on django-basic-auth-ip-whitelist
Moderate, CVE-2020-4071 was published for django-basic-auth-ip-whitelist (pip) Jun 23, 2020

An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH v2...
Moderate, Unreviewed, CVE-2024-44765 was published Nov 8, 2024

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy...
Moderate, Unreviewed, CVE-2024-47909 was published Nov 12, 2024

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy...
Moderate, Unreviewed, CVE-2024-47905 was published Nov 12, 2024
ProTip! Advisories are also available from the GraphQL API