Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

20,099 advisories

Loading
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
Puma's header normalization allows for client to clobber proxy set headers Moderate
CVE-2024-45614 was published for puma (RubyGems) Sep 20, 2024
Navidrome has Multiple SQL Injections and ORM Leak Critical
CVE-2024-47062 was published for github.com/navidrome/navidrome (Go) Sep 20, 2024
snyff
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes High
CVE-2024-47061 was published for @udecode/plate-core (npm) Sep 20, 2024
Prevent XSS from Confidant API call Moderate
CVE-2024-45793 was published for confidant (pip) Sep 20, 2024
whu-lyft meng-han
alejandroroiz achantavy heryxpc anshumanbh bstewart-lyft reindaelman
OPA for Windows has an SMB force-authentication vulnerability Moderate
CVE-2024-8260 was published for github.com/open-policy-agent/opa (Go) Aug 30, 2024
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack High
CVE-2023-48052 was published for httpie (pip) Nov 16, 2023
Code injection in FreeIPA High
CVE-2019-14867 was published for freeipa (pip) Dec 6, 2021
Cross-site Scripting in invenio-communities Moderate
CVE-2019-1020005 was published for invenio-communities (pip) Jul 16, 2019
tdunlap607
CRLF injection in httplib2 Moderate
CVE-2020-11078 was published for httplib2 (pip) May 20, 2020
Ciyfly
Improper Input Validation in Jupyter Notebook Critical
CVE-2015-7337 was published for ipython (pip) May 17, 2022
Exposure of Sensitive information in httpie Low
CVE-2022-0430 was published for httpie (pip) Mar 16, 2022
OpenStack Horizon Open redirect in workflow forms Moderate
CVE-2020-29565 was published for horizon (pip) May 24, 2022
Improper Neutralization of Formula Elements in a CSV File in html-2-csv Moderate
CVE-2021-23654 was published for html-to-csv (pip) Nov 30, 2021
KateCatlin
Horizon Web Dashboard Open Redirect vulnerability Moderate
CVE-2022-45582 was published for horizon (pip) Aug 22, 2023
GramAddict bot uses dependency with reverse tcp backdoor High
CVE-2020-36245 was published for GramAddict (pip) May 24, 2022
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
JLLeitschuh alex
orangetw
Update share links to use FRP instead of SSH tunneling Moderate
CVE-2023-25823 was published for gradio (pip) Feb 23, 2023
gregsadetsky samueltc
HPACK Denial of Service vulnerability (HPACK Bomb) High
CVE-2016-6581 was published for hpack (pip) Jul 5, 2019
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package Moderate
CVE-2022-23531 was published for guarddog (pip) Dec 2, 2022
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package Moderate
CVE-2022-23530 was published for guarddog (pip) Dec 5, 2022
Sim4n6
Command injection in guake Moderate
CVE-2021-23556 was published for guake (pip) Mar 18, 2022
Use of insecure temporary file in Horovod High
CVE-2022-0315 was published for horovod (pip) Mar 29, 2022
JamieSlome ashahab
graphite-web is vulnerable to Remote Code Execution Critical
CVE-2013-5942 was published for graphite-web (pip) May 17, 2022
Open Redirect in httpie High
CVE-2019-10751 was published for httpie (pip) Aug 27, 2019
ProTip! Advisories are also available from the GraphQL API