GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
27 advisories
Filter by severity
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data
High
CVE-2018-1000656
was published
for
flask
(pip)
Aug 23, 2018
PyOpenSSL Use-After-Free vulnerability
High
CVE-2018-1000807
was published
for
pyopenssl
(pip)
Oct 10, 2018
PyKMIP Denial of service vulnerability
High
CVE-2018-1000872
was published
for
pykmip
(pip)
Dec 21, 2018
Pylons Colander Denial of Service vulnerability
High
CVE-2017-18361
was published
for
colander
(pip)
Feb 7, 2019
Uncontrolled Memory Consumption in Django
High
CVE-2019-6975
was published
for
Django
(pip)
Feb 12, 2019
Improper Certificate Validation in urllib3
High
CVE-2019-11324
was published
for
urllib3
(pip)
Apr 19, 2019
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
High
CVE-2018-8825
was published
for
tensorflow
(pip)
Apr 24, 2019
Aubio is vulnerable to a NULL pointer dereference in new_aubio_notes function
High
CVE-2018-19802
was published
for
aubio
(pip)
Jul 26, 2019
Data leakage via cache key collision in Django
High
CVE-2020-13254
was published
for
Django
(pip)
Jun 5, 2020
Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
High
CVE-2021-29434
was published
for
wagtail
(pip)
Apr 20, 2021
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
High
CVE-2021-33571
was published
for
Django
(pip)
Jun 10, 2021
XML External Entity Injection in PyWPS
High
CVE-2021-39371
was published
for
pywps
(pip)
Sep 2, 2021
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui
High
GHSA-v988-828w-xvf2
was published
for
rucio-webui
(pip)
Oct 22, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
Incorrect Default Permissions in Cobbler
High
CVE-2021-45083
was published
for
cobbler
(pip)
Feb 21, 2022
Improper Restriction of XML External Entity Reference in python-docx
High
CVE-2016-5851
was published
for
python-docx
(pip)
May 13, 2022
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
High
CVE-2015-5163
was published
for
glance
(pip)
May 17, 2022
Ansible password prompts could expose passwords
High
CVE-2019-10206
was published
for
ansible
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API