GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
Reportlab vulnerable to remote code execution
High
CVE-2023-33733
was published
for
reportlab
(pip)
Jun 5, 2023
Authenticated Local Privilege Escalation vulnerability in Intel Optimization for Tensorflow
Moderate
CVE-2023-27506
was published
for
intel-tensorflow
(pip)
Aug 11, 2023
GitPython blind local file inclusion
Moderate
CVE-2023-41040
was published
for
GitPython
(pip)
Aug 30, 2023
Null pointer dereference in PKCS12 parsing
Moderate
CVE-2024-0727
was published
for
cryptography
(pip)
Jan 26, 2024
Deserialization of untrusted data in synthcity
Critical
CVE-2024-0937
was published
for
synthcity
(pip)
Jan 26, 2024
glance-store logs s3 access keys
Moderate
CVE-2024-1141
was published
for
glance-store
(pip)
Feb 1, 2024
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate
CVE-2024-24595
was published
for
clearml
(pip)
Feb 6, 2024
OAuth2 client ID and secret exposed through the web browser
High
CVE-2024-9014
was published
for
pgadmin4
(pip)
Sep 23, 2024
Inefficient Regular Expression Complexity in langflow
Moderate
CVE-2024-9277
was published
for
langflow
(pip)
Sep 27, 2024
ReLaXed Cross-site Scripting vulnerability
Low
CVE-2024-9283
was published
for
relaxedjs
(npm)
Sep 27, 2024
Slim Select has potential Cross-site Scripting issue
Moderate
CVE-2024-9440
was published
for
slim-select
(npm)
Oct 2, 2024
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
Low
CVE-2024-9506
was published
for
vue
(npm)
Oct 15, 2024
MySQL Connector/Python connector takeover vulnerability
High
CVE-2024-21272
was published
for
mysql-connector-python
(pip)
Oct 15, 2024
Flair allows arbitrary code execution
Moderate
CVE-2024-10073
was published
for
flair
(pip)
Oct 17, 2024
ProTip!
Advisories are also available from the
GraphQL API