Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,832
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
797
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,160 advisories

Loading
CRLF injection in httplib2 Low
CVE-2020-11078 was published for httplib2 (pip) May 20, 2020
Ciyfly
python-gnupg allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended Moderate
GHSA-qh62-ch95-63wh was published for python-gnupg (pip) Mar 13, 2020 withdrawn
python-docutils allows insecure usage of temporary files Critical
CVE-2009-5042 was published for docutils (pip) Mar 13, 2020
Double Free in psutil High
CVE-2019-18874 was published for psutil (pip) Mar 12, 2020
GitHub personal access token leaking into temporary EasyBuild (debug) logs Moderate
CVE-2020-5262 was published for easybuild-framework (pip) Mar 19, 2020
zao boegel
2FA bypass through deleting devices in wagtail-2fa High
CVE-2020-5240 was published for wagtail-2fa (pip) Mar 13, 2020
SQL injection in Tortoise ORM Moderate
CVE-2020-11010 was published for tortoise-orm (pip) Apr 20, 2020
Uncontrolled Resource Consumption in Indy Node High
CVE-2020-11090 was published for indy-node (pip) Jun 11, 2020
Malicious package may avoid detection in python auditing Moderate
CVE-2020-5252 was published for safety (pip) Mar 24, 2020
akoumjian G-Rath
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used Low
GHSA-mr6r-mvw4-736g was published for vyper (pip) Mar 25, 2020
montyly
Incorrect Default Permissions in keyring High
CVE-2012-5577 was published for keyring (pip) Mar 11, 2020
Moderate severity vulnerability that affects python-gnupg Moderate
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory. Moderate
CVE-2018-21233 was published for tensorflow (pip) May 13, 2020
Moderate severity vulnerability that affects mayan-edms Moderate
CVE-2018-16407 was published for mayan-edms (pip) Sep 6, 2018
High severity vulnerability that affects cfscrape High
CVE-2017-7235 was published for cfscrape (pip) Jul 13, 2018
Moderate severity vulnerability that affects mayan-edms Moderate
CVE-2018-16406 was published for mayan-edms (pip) Sep 6, 2018
Moderate severity vulnerability that affects Plone and plone.app.users Moderate
CVE-2011-1950 was published for Plone (pip) Jul 23, 2018
Moderate severity vulnerability that affects moin Moderate
CVE-2017-5934 was published for moin (pip) Jan 4, 2019
Moderate severity vulnerability that affects Plone and Zope2 Moderate
CVE-2012-6661 was published for Plone (pip) Jul 23, 2018
Moderate severity vulnerability that affects feedparser Moderate
CVE-2011-1158 was published for feedparser (pip) Jul 23, 2018
High severity vulnerability that affects privacyIDEA High
CVE-2018-1000809 was published for privacyIDEA (pip) Jan 14, 2019
Pycrypto generates weak key parameters High
CVE-2018-6594 was published for pycrypto (pip) Jul 12, 2018
Moderate severity vulnerability that affects feedparser Moderate
CVE-2011-1156 was published for feedparser (pip) Jul 23, 2018
Mitmweb in mitmproxy allows DNS Rebinding attacks High
CVE-2018-14505 was published for mitmproxy (pip) Jul 31, 2018
Moderate severity vulnerability that affects Plone and Zope2 Moderate
CVE-2012-5489 was published for Plone (pip) Jul 23, 2018
ProTip! Advisories are also available from the GraphQL API