Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

274 advisories

Loading
Python-TUF vulnerable to incorrect threshold signature computation for new root metadata Low
GHSA-r7vq-6425-j94w was published for tuf (pip) Sep 15, 2022
trishankatdatadog
OctoPrint does not have rate limiting on the login page Low
CVE-2022-2822 was published for OctoPrint (pip) Aug 16, 2022
OpenStack Nova Changing vnic_type breaks compute service restart Low
CVE-2022-37394 was published for nova (pip) Aug 4, 2022
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
Cabot Cross Site Scripting (XSS) vulnerability via Endpoint column Low
CVE-2020-7734 was published for cabot (pip) May 24, 2022
OpenStack Nova can leak consoleauth token into log files Low
CVE-2015-9543 was published for Nova (pip) May 24, 2022
OpenStack Nova Scheduler denial of service through scheduler_hints Low
CVE-2012-3371 was published for Nova (pip) May 17, 2022
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors Low
CVE-2013-4278 was published for nova (pip) May 17, 2022
OpenStack Identity Keystone Privilege Escalation vulnerability Low
CVE-2013-4477 was published for keystone (pip) May 17, 2022
Plone Denial of Service vulnerability via decompressing large zip archives Low
CVE-2013-4199 was published for plone (pip) May 17, 2022
Plone Multiple open redirect vulnerabilities Low
CVE-2013-4195 was published for plone (pip) May 17, 2022
OpenStack Keystone Sensitive information disclosure via log files Low
CVE-2013-2006 was published for keystone (pip) May 17, 2022
OpenStack Nova denial of service through compressed disk images Low
CVE-2013-4463 was published for nova (pip) May 17, 2022
OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image Low
CVE-2013-4469 was published for nova (pip) May 17, 2022
OpenStack Nova host data leak to vm instance in rescue mode Low
CVE-2014-0134 was published for nova (pip) May 17, 2022
ceph-deploy uses world-readable permissions on client.admin key Low
CVE-2015-4053 was published for ceph-deploy (pip) May 17, 2022
OpenStack Neutron Race condition vulnerability Low
CVE-2015-5240 was published for neutron (pip) May 17, 2022
ceph-deploy allows local users to obtain sensitive information by reading the file Low
CVE-2015-3010 was published for ceph-deploy (pip) May 17, 2022
Salt uses weak permissions on the cache data Low
CVE-2015-8034 was published for salt (pip) May 17, 2022
Loggerhead XSS via filename Low
CVE-2011-0728 was published for loggerhead (pip) May 17, 2022
Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules Low
CVE-2012-2101 was published for nova (pip) May 17, 2022
OpenStack Keystone intended authorization restrictions bypass Low
CVE-2012-5571 was published for Keystone (pip) May 17, 2022
OpenStack Glance is vulnerable to Exposure of Sensitive Information Low
CVE-2013-1840 was published for glance (pip) May 17, 2022
RPLY Predictable Tmpfile Names Allows Cache Spoofing Low
CVE-2014-1604 was published for RPLY (pip) May 17, 2022
pyxdg Arbitrary File Overwrite via Race Condition Low
CVE-2014-1624 was published for pyxdg (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database