Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

70 advisories

Loading
django-sendfile2 before 0.7.0 contains reflected file download vulnerability High
GHSA-pcjh-6r5h-r92r was published for django-sendfile2 (pip) Aug 11, 2022
moggers87 sergei-maertens
High severity vulnerability that affects privacyIDEA High
CVE-2018-1000809 was published for privacyIDEA (pip) Jan 14, 2019
Mitmweb in mitmproxy allows DNS Rebinding attacks High
CVE-2018-14505 was published for mitmproxy (pip) Jul 31, 2018
High severity vulnerability that affects python-gnupg High
CVE-2014-1927 was published for python-gnupg (pip) Nov 6, 2018
FedMsg not properly completing message validation High
CVE-2017-1000001 was published for FedMsg (pip) Jul 13, 2018
Improper Input Validation in kdcproxy High
CVE-2015-5159 was published for kdcproxy (pip) Nov 1, 2018
Improper Input Validation in sopel-plugins.channelmgnt High
CVE-2021-21431 was published for sopel-plugins.channelmgnt (pip) Apr 9, 2021
Sydent vulnerable to denial of service attack via memory exhaustion High
CVE-2021-29430 was published for matrix-sydent (pip) Apr 19, 2021
Denial of Service in Tensorflow High
CVE-2020-15203 was published for tensorflow (pip) Sep 25, 2020
Denial of service attack due to invalid JSON High
CVE-2020-26890 was published for matrix-synapse (pip) Nov 24, 2020
dkasak
SSRF in Sydent due to missing validation of hostnames High
CVE-2021-29431 was published for matrix-sydent (pip) Apr 19, 2021
Incomplete validation in MKL requantization High
CVE-2021-37665 was published for tensorflow (pip) Aug 25, 2021
Incomplete validation in `QuantizeV2` High
CVE-2021-37663 was published for tensorflow (pip) Aug 25, 2021
Pipenv's requirements.txt parsing allows malicious index url in comments High
CVE-2022-21668 was published for pipenv (pip) Jan 12, 2022
milo-minderbinder
Apache Airflow Google Provider Improper Input Validation vulnerability High
CVE-2023-25692 was published for apache-airflow-providers-google (pip) Feb 24, 2023
Apache Airflow Spark Provider vulnerable to improper input validation High
CVE-2023-28710 was published for apache-airflow-providers-apache-spark (pip) Apr 7, 2023
Elastic APM agent for Python client CGI proxy redirection flaw High
CVE-2019-7617 was published for elastic-apm (pip) May 24, 2022
Plone Header Injection High
CVE-2015-7318 was published for plone (pip) May 17, 2022
Topydo Improper Input Validation vulnerability High
CVE-2018-1000523 was published for topydo (pip) Sep 13, 2018
Improper Input Validation in python-dbusmock High
CVE-2015-1326 was published for python-dbusmock (pip) Apr 23, 2019
WASM3 Improper Input Validation vulnerability High
CVE-2022-39974 was published for pywasm3 (pip) Sep 21, 2022
Improper Input Validation python-gnupg High
CVE-2019-6690 was published for python-gnupg (pip) Mar 25, 2019
Information disclosure in Django High
CVE-2021-45116 was published for Django (pip) Jan 12, 2022
tdunlap607
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data High
CVE-2018-1000656 was published for flask (pip) Aug 23, 2018
tdunlap607
Matrix Synapse DoS High
CVE-2018-10657 was published for matrix-synapse (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API