GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
21 advisories
python-docutils allows insecure usage of temporary files
Critical. CVE-2009-5042 was published for docutils (pip) on Mar 13, 2020

user-readable api tokens in systemd units for JupyterHub
High. CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) on Dec 9, 2020

Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
Moderate. CVE-2020-10685 was published for ansible (pip) on Apr 7, 2021

Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible
High. CVE-2019-14905 was published for ansible (pip) on Apr 20, 2021

Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File
Low. CVE-2020-1733 was published for ansible (pip) on Apr 20, 2021

Exposure of Resource to Wrong Sphere in salt
High. CVE-2021-21996 was published for salt (pip) on Nov 21, 2021

Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
Low. CVE-2020-10744 was published for ansible (pip) on Feb 9, 2022

Insecure temporary file in Tensorflow
High. CVE-2022-23563 was published for tensorflow (pip) on Feb 9, 2022

Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Moderate. CVE-2021-4180 was published for tripleo-heat-templates (pip) on Mar 24, 2022

Use of insecure temporary file in Horovod
High. CVE-2022-0315 was published for horovod (pip) on Mar 29, 2022

Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Moderate. CVE-2022-30187 was published for Azure.Storage.Blobs (Maven) on Jul 13, 2022

Workers for local Dask clusters mistakenly listened on public interfaces
Critical. GHSA-hwqr-f3v9-hwxr was published for distributed (pip) on Jul 15, 2022

Temporary File Information Disclosure vulnerability in MPXJ
Low. CVE-2022-41954 was published for mpxj (Maven) on Nov 28, 2022

Apache Superset has Improper Access Control
Moderate. CVE-2022-45438 was published for apache-superset (pip) on Jan 16, 2023

Apache Airflow vulnerable to privilege escalation
Moderate. CVE-2023-42792 was published for apache-airflow (pip) on Oct 14, 2023

Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere
Moderate. CVE-2023-48291 was published for apache-airflow (pip) on Dec 21, 2023

Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate. CVE-2024-27906 was published for apache-airflow (pip) on Feb 29, 2024

DIRAC: Unauthorized users can read proxy contents during generation
High. CVE-2024-29905 was published for DIRAC (pip) on Apr 9, 2024

ProTip! Advisories are also available from the GraphQL API