GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
JSNAPy allows unprivileged local users to alter files under the directory
High
CVE-2018-0023
was published
for
jsnapy
(pip)
Jul 12, 2018
Django allows unintended model editing
High
CVE-2019-19118
was published
for
Django
(pip)
Dec 4, 2019
Incorrect Default Permissions in keyring
High
CVE-2012-5578
was published
for
keyring
(pip)
Mar 10, 2020
Incorrect Default Permissions in keyring
High
CVE-2012-5577
was published
for
keyring
(pip)
Mar 11, 2020
Django Incorrect Default Permissions
Moderate
CVE-2020-24584
was published
for
django
(pip)
Mar 18, 2021
Django Incorrect Default Permissions
High
CVE-2020-24583
was published
for
Django
(pip)
Mar 18, 2021
Incorrect Default Permissions in Cobbler
High
CVE-2021-45083
was published
for
cobbler
(pip)
Feb 21, 2022
Incorrect Default Permissions in Supervisor
High
CVE-2017-11610
was published
for
supervisor
(pip)
May 13, 2022
OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
High
CVE-2020-9543
was published
for
manila
(pip)
May 24, 2022
rtslib-fb weak permissions for /etc/target/saveconfig.json file
High
CVE-2020-14019
was published
for
rtslib-fb
(pip)
May 24, 2022
ansible-runner has default temporary files written to world R/W locations
Moderate
CVE-2021-3701
was published
for
ansible-runner
(pip)
Aug 24, 2022
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3146
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3101
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
Apache Superset has Incorrect Default Permissions
Moderate
CVE-2023-42501
was published
for
apache-superset
(pip)
Nov 27, 2023
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
Phone information disclosure vulnerability
Moderate
CVE-2024-22889
was published
for
Plone
(pip)
Mar 6, 2024
langchain_experimental Code Execution via Python REPL access
High
CVE-2024-38459
was published
for
langchain-experimental
(pip)
Jun 16, 2024
MLflow's excessive directory permissions allow local privilege escalation
High
CVE-2024-27134
was published
for
mlflow
(pip)
Nov 25, 2024
ProTip!
Advisories are also available from the
GraphQL API