GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
278 advisories
Filter by severity
Zope management interface vulnerable to stored cross site scripting via the title property
Low
CVE-2023-44389
was published
for
Zope
(pip)
Oct 4, 2023
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Low
CVE-2023-41335
was published
for
matrix-synapse
(pip)
Sep 26, 2023
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait
Low
GHSA-hc5c-r8m5-2gfh
was published
for
plone.restapi
(pip)
Sep 21, 2023
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Low
CVE-2023-41048
was published
for
plone.namedfile
(pip)
Sep 21, 2023
Vulnerable OpenSSL included in cryptography wheels
Low
GHSA-v8gr-m533-ghj9
was published
for
cryptography
(pip)
Sep 21, 2023
Zope vulnerable to Stored Cross Site Scripting with SVG images
Low
CVE-2023-42458
was published
for
Zope
(pip)
Sep 21, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Low
CVE-2023-41329
was published
for
com.github.tomakehurst:wiremock-jre8
(Maven)
Sep 8, 2023
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it
Low
CVE-2023-41057
was published
for
hyper-bump-it
(pip)
Sep 4, 2023
pyca/cryptography's wheels include vulnerable OpenSSL
Low
GHSA-jm77-qphf-c4w8
was published
for
cryptography
(pip)
Aug 1, 2023
Fides Webserver Vulnerable to SVG Bomb File Uploads
Low
CVE-2023-37481
was published
for
ethyca-fides
(pip)
Jul 18, 2023
Fides Webserver Vulnerable to Zip Bomb File Uploads
Low
CVE-2023-37480
was published
for
ethyca-fides
(pip)
Jul 18, 2023
SafeURL-Python's hostname blocklist does not block FQDNs
Low
GHSA-373w-rj84-pv6x
was published
for
SafeURL-Python
(pip)
Jun 29, 2023
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Low
CVE-2023-34110
was published
for
Flask-AppBuilder
(pip)
Jun 22, 2023
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Low
CVE-2023-32683
was published
for
matrix-synapse
(pip)
Jun 6, 2023
Vulnerable OpenSSL included in cryptography wheels
Low
GHSA-5cpq-8wj7-hf2v
was published
for
cryptography
(pip)
Jun 2, 2023
Vyper's nonpayable default functions are sometimes payable
Low
CVE-2023-32675
was published
for
vyper
(pip)
May 22, 2023
Starlette has Path Traversal vulnerability in StaticFiles
Low
CVE-2023-29159
was published
for
starlette
(pip)
May 17, 2023
kiwi TCMS has possibility for user to update email address to unverified one
Low
CVE-2023-30544
was published
for
kiwitcms
(pip)
Apr 24, 2023
configobj ReDoS exploitable by developer using values in a server-side configuration file
Low
CVE-2023-26112
was published
for
configobj
(pip)
Apr 3, 2023
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Low
CVE-2022-4134
was published
for
glance
(pip)
Mar 7, 2023
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Low
CVE-2023-26052
was published
for
saleor
(pip)
Mar 2, 2023
Lemur subject to insecure random generation
Low
GHSA-5fqv-mpj8-h7gm
was published
for
lemur
(pip)
Mar 1, 2023
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Low
CVE-2023-23934
was published
for
Werkzeug
(pip)
Feb 15, 2023
IPython vulnerable to command injection via set_term_title
Low
CVE-2023-24816
was published
for
ipython
(pip)
Feb 10, 2023
ProTip!
Advisories are also available from the
GraphQL API