Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,022 advisories

Loading
SAML authentication bypass via Incorrect XPath selector Critical
CVE-2024-45409 was published for ruby-saml (RubyGems) Sep 10, 2024
ahacker1-securesaml
Django-Anymail prone to a timing attack Critical
CVE-2018-6596 was published for django-anymail (pip) Jul 12, 2018
Path Traversal in django-s3file Critical
CVE-2022-24840 was published for django-s3file (pip) Jun 6, 2022
tunecrew syphar
herrbenesch codingjoe
Directory traversal in Django Critical
CVE-2011-0698 was published for Django (pip) Jul 23, 2018
MarkLee131
Improper Verification of Cryptographic Signature in django-rest-registration Critical
CVE-2019-13177 was published for django-rest-registration (pip) Jul 2, 2019
peterthomassen
Unrestricted Upload of File with Dangerous Type in django-widgy Critical
CVE-2020-18704 was published for django-widgy (pip) Aug 30, 2021
Django Tastypie Improper Deserialization of YAML Data Critical
CVE-2011-4104 was published for django-tastypie (pip) May 14, 2022
Code Injection in Django Critical
CVE-2014-0472 was published for Django (pip) May 17, 2022
MarkLee131
django_make_app is vulnerable to Code Injection Critical
CVE-2017-16764 was published for django_make_app (pip) Jul 13, 2018
Django-piston and Django-tastypie do not properly deserialize YAML data Critical
CVE-2011-4103 was published for django-piston (pip) Jul 23, 2018
hermes-management is vulnerable to RCE due to Apache commons-jxpath Critical
GHSA-2gh6-wc3m-g37f was published for pl.allegro.tech.hermes:hermes-management (Maven) Sep 17, 2024
Django user with hardcoded password created when running tests on Oracle Critical
CVE-2016-9013 was published for Django (pip) May 17, 2022
MarkLee131
AutoGPT bypass of the shell commands denylist settings Critical
CVE-2024-6091 was published for agpt (pip) Sep 11, 2024
Chaosblade vulnerable to OS command execution Critical
CVE-2023-47105 was published for github.com/chaosblade-io/chaosblade (Go) Sep 18, 2024
go.uuid has Predictable UUID Identifiers Critical
CVE-2021-3538 was published for github.com/satori/go.uuid (Go) Feb 7, 2023
Dragonfly2 has hard coded cyptographic key Critical
CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go) Sep 19, 2024
cokeBeer
HTTP client can manipulate custom HTTP headers that are added by Traefik Critical
CVE-2024-45410 was published for github.com/traefik/traefik (Go) Sep 19, 2024
drolmat
OpenShift Controller Manager Improper Privilege Management Critical
CVE-2024-45496 was published for github.com/openshift/openshift-controller-manager (Go) Sep 17, 2024
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer Critical
CVE-2024-7387 was published for github.com/openshift/builder (Go) Sep 17, 2024
Grafana plugin SDK Information Leakage Critical
CVE-2024-8986 was published for github.com/grafana/grafana-plugin-sdk-go (Go) Sep 19, 2024
LangChain Experimental Eval Injection vulnerability Critical
CVE-2024-46946 was published for langchain-experimental (pip) Sep 19, 2024
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature Critical
GHSA-cvp8-5r8g-fhvq was published for omniauth-saml (RubyGems) Sep 11, 2024
ahacker1-securesaml suprnova32
rajiv bufferoverflow
ProTip! Advisories are also available from the GraphQL API