GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,093 advisories
Filter by severity
Jupyter server on Windows discloses Windows user password hash
High
CVE-2024-35178
was published
for
jupyter_server
(pip)
Jun 6, 2024
Observable Timing Discrepancy in pypqc
High
GHSA-hvh4-5qr6-3v7r
was published
for
pypqc
(pip)
Jun 5, 2024
ydata unsafe deserialization
High
CVE-2024-37062
was published
for
ydata-profiling
(pip)
Jun 4, 2024
ydata unsafe deserialization
High
CVE-2024-37064
was published
for
ydata-profiling
(pip)
Jun 4, 2024
ansibleguy-webui Cross-site Scripting vulnerability
High
CVE-2024-36110
was published
for
ansibleguy-webui
(pip)
May 28, 2024
NASA AIT-Core uses unencrypted channels to exchange data over the network
High
CVE-2024-35061
was published
for
ait-core
(pip)
May 21, 2024
NASA AIT-Core vulnerable to remote code execution
High
CVE-2024-35057
was published
for
ait-core
(pip)
May 21, 2024
NASA AIT-Core vulnerable to remote code execution
High
CVE-2024-35058
was published
for
ait-core
(pip)
May 21, 2024
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects
High
GHSA-cg34-w3fm-82h3
was published
for
scrapy
(pip)
May 20, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API