GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,467 advisories

Cross-site Scripting in modoboa Moderate
CVE-2023-0470 was published for modoboa (pip) Jan 27, 2023
Modoboa has Weak Password Requirements Moderate
CVE-2023-2160 was published for modoboa (pip) Apr 18, 2023
MoinMoin Cross-site Scripting (XSS) vulnerability Moderate
CVE-2009-1482 was published for moin (pip) May 2, 2022
Denial of service attack via push rule patterns in matrix-synapse Moderate
CVE-2021-29471 was published for matrix-synapse (pip) May 13, 2021
SSRF in Sydent due to missing validation of hostnames Moderate
CVE-2021-29431 was published for matrix-sydent (pip) Apr 19, 2021
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints Moderate
CVE-2021-21393 was published for matrix-synapse (pip) Apr 13, 2021
HTML injection in email and account expiry notifications Moderate
CVE-2021-21333 was published for matrix-synapse (pip) Mar 26, 2021
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews Moderate
CVE-2023-32683 was published for matrix-synapse (pip) Jun 6, 2023
mayan-edms Cross-site Scripting vulnerability Moderate
CVE-2018-16405 was published for mayan-edms (pip) Sep 6, 2018
Cross-site scripting (XSS) vulnerability in the password reset endpoint Moderate
CVE-2021-21332 was published for matrix-synapse (pip) Mar 26, 2021
Denial of service attack via .well-known lookups Moderate
CVE-2021-21274 was published for matrix-synapse (pip) Mar 1, 2021
mscherer
loguru vulnerable to improper privilege management Moderate
CVE-2022-0338 was published for loguru (pip) Jan 26, 2022
lxml vulnerable to Cross-site Scripting Moderate
CVE-2020-27783 was published for lxml (pip) Jan 7, 2021
lxml NULL Pointer Dereference allows attackers to cause a denial of service Moderate
CVE-2022-2309 was published for lxml (pip) Jul 6, 2022
Improper Neutralization of Input During Web Page Generation in LXML Moderate
CVE-2018-19787 was published for lxml (pip) May 13, 2022
Mako contains Cross-site Scripting vulnerability Moderate
CVE-2010-2480 was published for mako (pip) May 17, 2022
mangadex-downloader vulnerable to unauthorized file reading Moderate
CVE-2022-36082 was published for mangadex-downloader (pip) Sep 16, 2022
lxml Cross-site Scripting Via Control Characters Moderate
CVE-2014-3146 was published for lxml (pip) May 14, 2022
joshbressers
markdown2 is vulnerable to cross-site scripting Moderate
CVE-2018-5773 was published for markdown2 (pip) Jul 12, 2018
woodruffw
Cross-site scripting in markdown2 for python Moderate
CVE-2009-3724 was published for markdown2 (pip) Apr 21, 2022
westonsteimel
lxml vulnerable to Cross-Site Scripting Moderate
CVE-2021-28957 was published for lxml (pip) Mar 22, 2021
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through Moderate
CVE-2021-43818 was published for lxml (pip) Dec 13, 2021
pwntester
Creation of Temporary File With Insecure Permissions in logilab-commons Moderate
CVE-2014-1839 was published for logilab-common (pip) May 14, 2022
Lin-CMS-Flask Cross Site Scripting (XSS) vulnerability Moderate
CVE-2020-18699 was published for lin-cms (pip) May 24, 2022
Locust Stored Cross-site Scripting Vulnerability Moderate
CVE-2020-28364 was published for locust (pip) May 24, 2022