
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8,917 advisories

Puma's header normalization allows for client to clobber proxy set headers Moderate
CVE-2024-45614 was published for puma (RubyGems) Sep 20, 2024
Prevent XSS from Confidant API call Moderate
CVE-2024-45793 was published for confidant (pip) Sep 20, 2024
whu-lyft meng-han
alejandroroiz achantavy heryxpc anshumanbh bstewart-lyft reindaelman
OPA for Windows has an SMB force-authentication vulnerability Moderate
CVE-2024-8260 was published for github.com/open-policy-agent/opa (Go) Aug 30, 2024
Cross-site Scripting in invenio-communities Moderate
CVE-2019-1020005 was published for invenio-communities (pip) Jul 16, 2019
tdunlap607
CRLF injection in httplib2 Moderate
CVE-2020-11078 was published for httplib2 (pip) May 20, 2020
Ciyfly
OpenStack Horizon Open redirect in workflow forms Moderate
CVE-2020-29565 was published for horizon (pip) May 24, 2022
Improper Neutralization of Formula Elements in a CSV File in html-2-csv Moderate
CVE-2021-23654 was published for html-to-csv (pip) Nov 30, 2021
KateCatlin
Horizon Web Dashboard Open Redirect vulnerability Moderate
CVE-2022-45582 was published for horizon (pip) Aug 22, 2023
Update share links to use FRP instead of SSH tunneling Moderate
CVE-2023-25823 was published for gradio (pip) Feb 23, 2023
gregsadetsky samueltc
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package Moderate
CVE-2022-23531 was published for guarddog (pip) Dec 2, 2022
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package Moderate
CVE-2022-23530 was published for guarddog (pip) Dec 5, 2022
Sim4n6
Command injection in guake Moderate
CVE-2021-23556 was published for guake (pip) Mar 18, 2022
Improper Neutralization of Input During Web Page Generation in html5lib Moderate
CVE-2016-9909 was published for html5lib (pip) May 17, 2022
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs Moderate
CVE-2023-34239 was published for gradio (pip) Jun 9, 2023
mastomii
Home Assistant vulnerable to account takeover via auth_callback login Moderate
CVE-2023-41893 was published for homeassistant (pip) Oct 26, 2023
Potential Captcha Validate Bypass in flask-session-captcha Moderate
CVE-2022-24880 was published for flask-session-captcha (pip) Apr 26, 2022
GuillaumeGomez
Verification check bypass in Gate One Moderate
CVE-2020-19003 was published for gateone (pip) Oct 12, 2021
XML External Entity Reference in Glances Moderate
CVE-2021-23418 was published for Glances (pip) Aug 9, 2021
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length Moderate
CVE-2024-8796 was published for devise-two-factor (RubyGems) Sep 17, 2024
syntacticNaCl mark-adams
GitPython blind local file inclusion Moderate
CVE-2023-41040 was published for GitPython (pip) Aug 30, 2023
stsewd m3t3kh4n
EliahKagan
Open redirect in Flask-Unchained Moderate
CVE-2021-23393 was published for Flask-Unchained (pip) Jun 15, 2021
D-Tale Command Execution Vulnerability Moderate
CVE-2024-8862 was published for dtale (pip) Sep 16, 2024
Aim Stored XSS through TEXT EXPLORER Moderate
CVE-2024-8863 was published for aim (pip) Sep 16, 2024
Open Redirect in Flask-User Moderate
CVE-2021-23401 was published for Flask-User (pip) Aug 9, 2021
FreeIPA logs passwords embedded in commands in calls using batch Moderate
CVE-2019-10195 was published for freeipa (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API