GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 4,077; Erlang 29; GitHub Actions 19; Go 1,903; Maven 5,000+; npm 3,632; NuGet 638; pip 3,247; Pub 10; RubyGems 864; Rust 818; Swift 35.
Unreviewed advisories: All unreviewed 5,000+.
1,094 advisories
Each entry below gives the severity, identifier, title, affected package and ecosystem, and the date the advisory was published in the GitHub Advisory Database. That publication date is not the original disclosure date: old CVEs such as CVE-2006-0847 and CVE-2008-0252 were only published here on May 1, 2022.

[High] CVE-2024-6281: LoLLMS vulnerable to Expected Behavior Violation (lollms, pip), published Jul 20, 2024
[High] CVE-2024-6587: LiteLLM Server-Side Request Forgery (SSRF) vulnerability (litellm, pip), published Sep 13, 2024
[High] CVE-2020-36242: PyCA Cryptography symmetrically encrypting large values can lead to integer overflow (cryptography, pip), published Feb 10, 2021
[High] CVE-2021-45083: Incorrect Default Permissions in Cobbler (cobbler, pip), published Feb 21, 2022
[High] CVE-2023-51982: CrateDB authentication bypass vulnerability (crate, Maven), published Jan 30, 2024
[High] CVE-2023-37474: copyparty vulnerable to path traversal attack (copyparty, pip), published Jul 14, 2023
[High] CVE-2018-10903: PyCA Cryptography vulnerable to GCM tag forgery (cryptography, pip), published Jul 31, 2018
[High] CVE-2018-14572: conference-scheduler-cli Arbitrary Code Execution (conference-scheduler-cli, pip), published Oct 29, 2018
[High] CVE-2022-24065: OS Command Injection in cookiecutter (cookiecutter, pip), published Jun 9, 2022
[High] CVE-2008-0252: CherryPy Malicious cookies allow access to files outside the session directory (cherrypy, pip), published May 1, 2022
[High] CVE-2014-3137: Bottle does not properly limit content-types (bottle, pip), published May 17, 2022
[High] CVE-2021-40325: Cobbler before 3.3.0 allows authorization bypass for modification of settings (cobbler, pip), published Oct 5, 2021
[High] CVE-2021-40324: Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data (cobbler, pip), published Oct 5, 2021
[High] CVE-2020-35681: Django Channels leakage of session identifiers using legacy AsgiHandler (channels, pip), published Mar 19, 2021
[High] CVE-2006-0847: CherryPy Directory traversal vulnerability (cherrypy, pip), published May 1, 2022
[High] CVE-2020-27589: Improper Certificate Validation in blackduck (blackduck, pip), published Apr 20, 2021
[High] CVE-2021-21236: Regular Expression Denial of Service in CairoSVG (CairoSVG, pip), published Jan 6, 2021
[High] CVE-2021-40323: Cobbler before 3.3.0 allows log poisoning (cobbler, pip), published Oct 5, 2021
[High] GHSA-cqff-fx2x-p86v: botframework-connector vulnerable to Improper Authentication (botframework-connector, pip), published Mar 8, 2021
[High] CVE-2017-7235: cfscrape Improper Input Validation vulnerability (cfscrape, pip), published Jul 13, 2018
[High] CVE-2017-18361: Pylons Colander Denial of Service vulnerability (colander, pip), published Feb 7, 2019
[High] CVE-2018-19801: Aubio is vulnerable to a NULL pointer dereference in new_aubio_filterbank (aubio, pip), published Jul 26, 2019
[High] CVE-2010-4340: Apache Libcloud does not verify SSL certificates for HTTPS connections (apache-libcloud, pip), published May 17, 2022
Advisories are also available from the GraphQL API.
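As an added example, not code from GitHub or from this page: a stdlib-only Python client that pulls advisories through the GraphQL endpoint mentioned above, flattens each advisory into one record per affected package, and filters by ecosystem and minimum severity the way the listing above is filtered. The query's field names follow the GitHub GraphQL schema for `securityAdvisories` as the author of this example understands it and should be checked against the schema explorer before use. The sample response is constructed from two entries visible on this page; the version ranges and the GHSA id attached to the CVE-2024-6587 entry are placeholders, because the page does not show those values. Only `fetch_advisories` touches the network, and it needs a GitHub token passed in by the caller.

```python
import json
import urllib.request

GRAPHQL_ENDPOINT = "https://api.github.com/graphql"

# Filters travel as GraphQL variables, never string-interpolated, so a
# caller-supplied date or cursor cannot change the query's structure.
# Field names are assumed from the GitHub GraphQL schema; verify before use.
ADVISORY_QUERY = """
query($first: Int!, $after: String, $since: DateTime) {
  securityAdvisories(
    first: $first, after: $after, publishedSince: $since,
    orderBy: {field: PUBLISHED_AT, direction: DESC}
  ) {
    pageInfo { hasNextPage endCursor }
    nodes {
      ghsaId summary severity publishedAt
      identifiers { type value }
      vulnerabilities(first: 20) {
        nodes {
          package { ecosystem name }
          vulnerableVersionRange
          firstPatchedVersion { identifier }
        }
      }
    }
  }
}
"""

SEVERITY_RANK = {"LOW": 0, "MODERATE": 1, "HIGH": 2, "CRITICAL": 3}


def flatten(page: dict) -> list:
    """One record per (advisory, affected package) from a securityAdvisories page."""
    records = []
    for adv in page["data"]["securityAdvisories"]["nodes"]:
        cves = [i["value"] for i in adv["identifiers"] if i["type"] == "CVE"]
        for vuln in adv["vulnerabilities"]["nodes"]:
            patched = vuln.get("firstPatchedVersion")
            records.append({
                # Prefer the CVE as the display id; GitHub-originated advisories have none.
                "id": cves[0] if cves else adv["ghsaId"],
                "ghsa": adv["ghsaId"],
                "summary": adv["summary"],
                "severity": adv["severity"],
                "published": adv["publishedAt"][:10],
                "ecosystem": vuln["package"]["ecosystem"],
                "package": vuln["package"]["name"],
                "vulnerable_range": vuln["vulnerableVersionRange"],
                "first_patched": patched["identifier"] if patched else None,
            })
    return records


def filter_records(records, ecosystem=None, min_severity="LOW"):
    """Keep records in `ecosystem` (GraphQL enum name, e.g. PIP) at or above min_severity."""
    floor = SEVERITY_RANK[min_severity]
    return [r for r in records
            if (ecosystem is None or r["ecosystem"] == ecosystem)
            and SEVERITY_RANK.get(r["severity"], -1) >= floor]


def fetch_advisories(token, since=None, page_size=100):
    """Yield flattened records across all pages. Network access happens only here."""
    after = None
    while True:
        body = json.dumps({"query": ADVISORY_QUERY,
                           "variables": {"first": page_size, "after": after, "since": since}}).encode()
        req = urllib.request.Request(
            GRAPHQL_ENDPOINT, data=body, method="POST",
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/json", "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        if "errors" in page:  # GraphQL reports schema/auth errors with HTTP 200
            raise RuntimeError(page["errors"])
        yield from flatten(page)
        info = page["data"]["securityAdvisories"]["pageInfo"]
        if not info["hasNextPage"]:
            return
        after = info["endCursor"]


# Constructed sample response shaped like the API's reply, built from two entries
# on this page. Version ranges and the GHSA id on the second node are placeholders.
SAMPLE_RESPONSE = {"data": {"securityAdvisories": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [
        {"ghsaId": "GHSA-cqff-fx2x-p86v",
         "summary": "botframework-connector vulnerable to Improper Authentication",
         "severity": "HIGH", "publishedAt": "2021-03-08T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-cqff-fx2x-p86v"}],
         "vulnerabilities": {"nodes": [
             {"package": {"ecosystem": "PIP", "name": "botframework-connector"},
              "vulnerableVersionRange": "placeholder", "firstPatchedVersion": None}]}},
        {"ghsaId": "GHSA-xxxx-xxxx-xxxx",  # placeholder, not a real advisory id
         "summary": "LiteLLM Server-Side Request Forgery (SSRF) vulnerability",
         "severity": "HIGH", "publishedAt": "2024-09-13T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-xxxx-xxxx-xxxx"},
                         {"type": "CVE", "value": "CVE-2024-6587"}],
         "vulnerabilities": {"nodes": [
             {"package": {"ecosystem": "PIP", "name": "litellm"},
              "vulnerableVersionRange": "placeholder", "firstPatchedVersion": None}]}},
    ]}}}
```

Calling `list(fetch_advisories(token, since="2024-01-01T00:00:00Z"))` with a real token walks the cursor until `hasNextPage` is false; running `filter_records(flatten(SAMPLE_RESPONSE), ecosystem="PIP", min_severity="HIGH")` offline returns both sample entries.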