Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

123 advisories

Loading
Improper date handling in Django Moderate
CVE-2010-4535 was published for Django (pip) Jul 23, 2018
MarkLee131
Session manipulation in Django Moderate
CVE-2011-4136 was published for Django (pip) Jul 23, 2018
MarkLee131
Improper query string handling in Django Moderate
CVE-2010-4534 was published for Django (pip) Jul 23, 2018
MarkLee131
Apache Airflow Improper Input Validation vulnerability Moderate
CVE-2023-22888 was published for apache-airflow (pip) Jul 12, 2023
Apache Airflow Improper Input Validation vulnerability Moderate
CVE-2023-36543 was published for apache-airflow (pip) Jul 12, 2023
Apache Libcloud vulnerable to certificate impersonation Moderate
CVE-2012-3446 was published for apache-libcloud (pip) May 17, 2022
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible Moderate
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
Ansible password prompts could expose passwords Moderate
CVE-2019-10206 was published for ansible (pip) May 24, 2022
tdunlap607
aiohttp's ClientSession is vulnerable to CRLF injection via version Moderate
CVE-2023-49081 was published for aiohttp (pip) Nov 27, 2023
jnovikov
aiohttp's ClientSession is vulnerable to CRLF injection via method Moderate
CVE-2023-49082 was published for aiohttp (pip) Nov 27, 2023
jnovikov
Improper Input Validation in ansible Moderate
CVE-2016-8647 was published for ansible (pip) Oct 10, 2018
Segmentation fault in tensorflow-lite Moderate
CVE-2020-15210 was published for tensorflow (pip) Sep 25, 2020
Apache Superset server arbitrary file read Moderate
CVE-2024-34693 was published for apache-superset (pip) Jun 20, 2024
Improper Input Validation in pip Moderate
CVE-2021-3572 was published for pip (pip) Nov 15, 2021
vyper performs double eval of the slice start/length args in certain cases Moderate
CVE-2024-32646 was published for vyper (pip) Apr 25, 2024
cyberthirst
vyper performs incorrect topic logging in raw_log Moderate
CVE-2024-32645 was published for vyper (pip) Apr 25, 2024
chen-robert
Arbitrary file deletion in litellm Moderate
CVE-2024-4888 was published for litellm (pip) Jun 6, 2024
Microsoft Common Data Model SDK Denial of Service Vulnerability Moderate
CVE-2023-36566 was published for Microsoft.CommonDataModel.ObjectModel (Maven) Oct 10, 2023
degant
OpenStack Identity (Keystone) Denial of Service Moderate
CVE-2013-2014 was published for keystone (pip) May 13, 2022
Policies not properly enforced in bluemonday Moderate
CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) Oct 19, 2021
OpenStack Compute (Nova) Improper Input Validation Moderate
CVE-2012-2654 was published for nova (pip) May 17, 2022
Transifex command-line client has improper certificate validation Moderate
CVE-2013-7110 was published for transifex-client (pip) May 17, 2022
Tornado CRLF injection vulnerability Moderate
CVE-2012-2374 was published for tornado (pip) May 17, 2022
pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository Moderate
CVE-2013-1630 was published for pyshop (pip) May 17, 2022
PyWBEM TOCTOU vulnerability in certificate validation Moderate
CVE-2013-6418 was published for pywbem (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API