GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+

1,135 advisories

Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks
Low • CVE-2023-47641 was published for aiohttp (pip) • Nov 14, 2023

Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Low • CVE-2024-41926 was published for github.com/mattermost/mattermost/server/v8 (Go) • Aug 1, 2024

Flask-AppBuilder's login form allows browser to cache sensitive fields
Low • CVE-2024-45314 was published for flask-appbuilder (pip) • Sep 4, 2024

sigstore-go has an unbounded loop over untrusted input can lead to endless data attack
Low • CVE-2024-45395 was published for github.com/sigstore/sigstore-go (Go) • Sep 4, 2024

runc can be confused to create empty files/directories on the host
Low • CVE-2024-45310 was published for github.com/opencontainers/runc (Go) • Sep 3, 2024

Libcloud does not properly scrub data when destroying a DigitalOcean node
Low • CVE-2013-6480 was published for apache-libcloud (pip) • May 14, 2022

ceph-deploy uses world-readable permissions on client.admin key
Low • CVE-2015-4053 was published for ceph-deploy (pip) • May 17, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Low • CVE-2020-1739 was published for ansible (pip) • Apr 7, 2021

Mattermost incorrectly allows access individual posts
Low • CVE-2024-1952 was published for github.com/mattermost/mattermost/server/v8 (Go) • Feb 29, 2024

AngularJS allows attackers to bypass common image source restrictions
Low • CVE-2024-8373 was published for angular (npm) • Sep 9, 2024

AngularJS allows attackers to bypass common image source restrictions
Low • CVE-2024-8372 was published for angular (npm) • Sep 9, 2024

Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials
Low • GHSA-gmrm-8fx4-66x7 was published for org.keycloak:keycloak-core (Maven) • Jun 18, 2024 • withdrawn

Jetty's OpenId Revoked authentication allows one request
Low • CVE-2023-41900 was published for org.eclipse.jetty:jetty-openid (Maven) • Sep 15, 2023

Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
Low • GHSA-58qw-p7qm-5rvh was published for org.eclipse.jetty:jetty-xml (Maven) • Jul 10, 2023

Incorrect Permission Assignment for Critical Resource in Ansible
Low • CVE-2020-1736 was published for ansible (pip) • Feb 9, 2022

Apache Airflow logs passwords in plaintext
Low • CVE-2020-17511 was published for apache-airflow (pip) • Dec 17, 2020

ceph-deploy allows local users to obtain sensitive information by reading the file
Low • CVE-2015-3010 was published for ceph-deploy (pip) • May 17, 2022

Cabot Cross Site Scripting (XSS) vulnerability via Endpoint column
Low • CVE-2020-7734 was published for cabot (pip) • May 24, 2022

Cloudtoken Insufficiently Protects Credentials
Low • CVE-2018-13390 was published for cloudtoken (pip) • May 13, 2022

changedetection.io API endpoint is not secured with API token
Low • CVE-2024-23329 was published for changedetection.io (pip) • Jan 23, 2024

cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
Low • CVE-2024-22194 was published for case-utils (pip) • Jan 11, 2024

Multiple soundness issues in lexical
Low • GHSA-c2hm-mjxv-89r4 was published for lexical (Rust) • Sep 4, 2023

lexical-core has multiple soundness issues
Low • GHSA-2326-pfpj-vx3h was published for lexical-core (Rust) • Sep 16, 2024

Mattermost Desktop App fails to safeguard screen capture functionality
Low • CVE-2024-39772 was published for mattermost-desktop (npm) • Sep 16, 2024

ProTip! Advisories are also available from the GraphQL API