GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,468 advisories

Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP Moderate
GHSA-vx3h-qwqw-r2wq was published for inventree (pip) Oct 2, 2024
febin0x10 SchrodingersGat
MoinMoin Cross-site Scripting (XSS) vulnerability Moderate
CVE-2016-7148 was published for moin (pip) May 17, 2022
Stored XSS in Jupyter nbdime Moderate
CVE-2021-41134 was published for nbdime (npm) Nov 8, 2021
MoinMoin improper access control on the included page for the rst parser Moderate
CVE-2008-6548 was published for moin (pip) May 17, 2022
Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location Moderate
CVE-2022-23522 was published for mindsdb (pip) Mar 30, 2023
Sim4n6
Inefficient Regular Expression Complexity in langflow Moderate
CVE-2024-9277 was published for langflow (pip) Sep 27, 2024
m3t3kh4n
Cross-site Scripting in modoboa Moderate
CVE-2023-0470 was published for modoboa (pip) Jan 27, 2023
Modoboa has Weak Password Requirements Moderate
CVE-2023-2160 was published for modoboa (pip) Apr 18, 2023
MoinMoin Cross-site Scripting (XSS) vulnerability Moderate
CVE-2009-1482 was published for moin (pip) May 2, 2022
Denial of service attack via push rule patterns in matrix-synapse Moderate
CVE-2021-29471 was published for matrix-synapse (pip) May 13, 2021
SSRF in Sydent due to missing validation of hostnames Moderate
CVE-2021-29431 was published for matrix-sydent (pip) Apr 19, 2021
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints Moderate
CVE-2021-21393 was published for matrix-synapse (pip) Apr 13, 2021
HTML injection in email and account expiry notifications Moderate
CVE-2021-21333 was published for matrix-synapse (pip) Mar 26, 2021
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews Moderate
CVE-2023-32683 was published for matrix-synapse (pip) Jun 6, 2023
mayan-edms Cross-site Scripting vulnerability Moderate
CVE-2018-16405 was published for mayan-edms (pip) Sep 6, 2018
Cross-site scripting (XSS) vulnerability in the password reset endpoint Moderate
CVE-2021-21332 was published for matrix-synapse (pip) Mar 26, 2021
Denial of service attack via .well-known lookups Moderate
CVE-2021-21274 was published for matrix-synapse (pip) Mar 1, 2021
mscherer
loguru vulnerable to improper privilege management Moderate
CVE-2022-0338 was published for loguru (pip) Jan 26, 2022
lxml vulnerable to Cross-site Scripting Moderate
CVE-2020-27783 was published for lxml (pip) Jan 7, 2021
lxml NULL Pointer Dereference allows attackers to cause a denial of service Moderate
CVE-2022-2309 was published for lxml (pip) Jul 6, 2022
Improper Neutralization of Input During Web Page Generation in LXML Moderate
CVE-2018-19787 was published for lxml (pip) May 13, 2022
Mako contains Cross-site Scripting vulnerability Moderate
CVE-2010-2480 was published for mako (pip) May 17, 2022
mangadex-downloader vulnerable to unauthorized file reading Moderate
CVE-2022-36082 was published for mangadex-downloader (pip) Sep 16, 2022
lxml Cross-site Scripting Via Control Characters Moderate
CVE-2014-3146 was published for lxml (pip) May 14, 2022
joshbressers
markdown2 is vulnerable to cross-site scripting Moderate
CVE-2018-5773 was published for markdown2 (pip) Jul 12, 2018
woodruffw