GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,467 advisories
Apache Superset: Improper error handling on alerts
Moderate | CVE-2024-27315 was published for apache-superset (pip) | Feb 28, 2024

Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP
Moderate | GHSA-vx3h-qwqw-r2wq was published for inventree (pip) | Oct 2, 2024

MoinMoin Cross-site Scripting (XSS) vulnerability
Moderate | CVE-2016-7148 was published for moin (pip) | May 17, 2022

MoinMoin improper access control on the included page for the rst parser
Moderate | CVE-2008-6548 was published for moin (pip) | May 17, 2022

Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location
Moderate | CVE-2022-23522 was published for mindsdb (pip) | Mar 30, 2023

Inefficient Regular Expression Complexity in langflow
Moderate | CVE-2024-9277 was published for langflow (pip) | Sep 27, 2024

Modoboa has Weak Password Requirements
Moderate | CVE-2023-2160 was published for modoboa (pip) | Apr 18, 2023

MoinMoin Cross-site Scripting (XSS) vulnerability
Moderate | CVE-2009-1482 was published for moin (pip) | May 2, 2022

Denial of service attack via push rule patterns in matrix-synapse
Moderate | CVE-2021-29471 was published for matrix-synapse (pip) | May 13, 2021

SSRF in Sydent due to missing validation of hostnames
Moderate | CVE-2021-29431 was published for matrix-sydent (pip) | Apr 19, 2021

Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
Moderate | CVE-2021-21393 was published for matrix-synapse (pip) | Apr 13, 2021

HTML injection in email and account expiry notifications
Moderate | CVE-2021-21333 was published for matrix-synapse (pip) | Mar 26, 2021

Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Moderate | CVE-2023-32683 was published for matrix-synapse (pip) | Jun 6, 2023

mayan-edms Cross-site Scripting vulnerability
Moderate | CVE-2018-16405 was published for mayan-edms (pip) | Sep 6, 2018

Cross-site scripting (XSS) vulnerability in the password reset endpoint
Moderate | CVE-2021-21332 was published for matrix-synapse (pip) | Mar 26, 2021

Denial of service attack via .well-known lookups
Moderate | CVE-2021-21274 was published for matrix-synapse (pip) | Mar 1, 2021

loguru vulnerable to improper privilege management
Moderate | CVE-2022-0338 was published for loguru (pip) | Jan 26, 2022

lxml vulnerable to Cross-site Scripting
Moderate | CVE-2020-27783 was published for lxml (pip) | Jan 7, 2021

lxml NULL Pointer Dereference allows attackers to cause a denial of service
Moderate | CVE-2022-2309 was published for lxml (pip) | Jul 6, 2022

Improper Neutralization of Input During Web Page Generation in LXML
Moderate | CVE-2018-19787 was published for lxml (pip) | May 13, 2022

Mako contains Cross-site Scripting vulnerability
Moderate | CVE-2010-2480 was published for mako (pip) | May 17, 2022

mangadex-downloader vulnerable to unauthorized file reading
Moderate | CVE-2022-36082 was published for mangadex-downloader (pip) | Sep 16, 2022

lxml Cross-site Scripting Via Control Characters
Moderate | CVE-2014-3146 was published for lxml (pip) | May 14, 2022

ProTip! Advisories are also available from the GraphQL API.