GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Local Privilege Escalation in Windows
High
CVE-2023-49797
was published
for
pyinstaller
(pip)
Dec 9, 2023
Planet's secret file is created with excessive permissions
High
CVE-2023-32303
was published
for
planet
(pip)
May 12, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3146
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3101
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
SaltStack Salt Allows creating certificates with weak file permissions
Moderate
CVE-2020-17490
was published
for
salt
(pip)
May 24, 2022
Cobbler Improper Validation of Security Tokens
Critical
CVE-2018-1000226
was published
for
cobbler
(pip)
May 13, 2022
Mercurial Incorrect Access Control vulnerability
Critical
CVE-2018-1000132
was published
for
mercurial
(pip)
May 13, 2022
Incorrect Permission Assignment for Critical Resource in Ansible
Moderate
CVE-2020-1736
was published
for
ansible
(pip)
Feb 9, 2022
Incorrect Permission Assignment for Critical Resource in OnionShare
Moderate
CVE-2022-21694
was published
for
onionshare-cli
(pip)
Jan 21, 2022
Incorrect Permission Assignment for Critical Resource in Plone
Critical
CVE-2021-33509
was published
for
Plone
(pip)
Jun 15, 2021
Paramiko Authentication Bypass vulnerability
High
CVE-2018-1000805
was published
for
paramiko
(pip)
Oct 10, 2018
Mercurial has Incorrect Permission Assignment for Critical Resource
High
CVE-2017-9462
was published
for
mercurial
(pip)
Jul 13, 2018
Koji hub call does not perform correct access checks
Critical
CVE-2018-1002150
was published
for
koji
(pip)
Jul 12, 2018
ProTip!
Advisories are also available from the
GraphQL API