Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,726 advisories

Loading
Django Cross-site scripting (XSS) vulnerability via is_safe_url function Moderate
CVE-2013-6044 was published for django (pip) May 17, 2022
Django Data leakage via admin history log Moderate
CVE-2013-0305 was published for django (pip) May 5, 2022
Django Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget Moderate
CVE-2013-4249 was published for django (pip) May 17, 2022
Race Condition in Paramiko Moderate
CVE-2022-24302 was published for paramiko (pip) Mar 19, 2022
ktosiek
Gerapy < 0.9.8 may cause remote code execution Critical
CVE-2021-43857 was published for gerapy (pip) Jan 6, 2022
cleo is vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2022-42966 was published for cleo (pip) Nov 10, 2022
neersighted tdunlap607
mako is vulnerable to Regular Expression Denial of Service High
CVE-2022-40023 was published for mako (pip) Sep 16, 2022
Information disclosure in Django High
CVE-2021-45116 was published for Django (pip) Jan 12, 2022
tdunlap607
Execution with Unnecessary Privileges in JupyterApp High
CVE-2022-39286 was published for jupyter-core (pip) Oct 26, 2022
Cross-site Scripting in Mistune Moderate
CVE-2017-15612 was published for mistune (pip) May 17, 2022
tdunlap607
Django Middleware Enables Session Hijacking Moderate
CVE-2014-0482 was published for django (pip) May 14, 2022
pyxdg Arbitrary File Overwrite via Race Condition Low
CVE-2014-1624 was published for pyxdg (pip) May 17, 2022
Starlette has Path Traversal vulnerability in StaticFiles Low
CVE-2023-29159 was published for starlette (pip) May 17, 2023
aminalaee
Unsafe deserialisation in the PKI implementation scheme of NVFlare Critical
CVE-2022-31604 was published for nvflare (pip) Jun 22, 2022
IPython vulnerable to command injection via set_term_title Moderate
CVE-2023-24816 was published for IPython (pip) Feb 10, 2023
Path traversal in ubi-reader Moderate
CVE-2023-0591 was published for ubi-reader (pip) Jan 31, 2023
qkaiser
Pillow subject to DoS via SAMPLESPERPIXEL tag High
CVE-2022-45199 was published for pillow (pip) Nov 14, 2022
Tenant and Verifier might not use the same registrar data Critical
CVE-2022-1053 was published for keylime (pip) May 5, 2022
THS-on
Unsafe pyyaml load usage in PyAnyAPI Critical
CVE-2017-16616 was published for pyanyapi (pip) May 13, 2022
westonsteimel
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters High
CVE-2021-33503 was published for urllib3 (pip) Jun 1, 2021
NariyoshiChida ap-wtioit
SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely Critical
CVE-2022-31506 was published for opendiamond (pip) Jul 12, 2022
Denial of service in bottle Critical
CVE-2022-31799 was published for bottle (pip) Jun 3, 2022
Unsafe yaml deserialization in NVFlare Critical
CVE-2022-31605 was published for nvflare (pip) Jun 22, 2022
py7zr directory traversal vulnerability Critical
CVE-2022-44900 was published for py7zr (pip) Dec 6, 2022
NVFLARE unsafe deserialization due to Pickle Critical
CVE-2022-34668 was published for nvflare (pip) Aug 31, 2022
ProTip! Advisories are also available from the GraphQL API