GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

228 advisories

FedMsg not properly completing message validation High
CVE-2017-1000001 was published for FedMsg (pip) Jul 13, 2018
cfscrape Improper Input Validation vulnerability High
CVE-2017-7235 was published for cfscrape (pip) Jul 13, 2018
feedparser denial of service vulnerability High
CVE-2011-1156 was published for feedparser (pip) Jul 23, 2018
Django-piston and Django-tastypie do not properly deserialize YAML data Critical
CVE-2011-4103 was published for django-piston (pip) Jul 23, 2018
Plone Denial of Service vulnerability High
CVE-2011-4462 was published for Plone (pip) Jul 23, 2018
Improper query string handling in Django Moderate
CVE-2010-4534 was published for Django (pip) Jul 23, 2018
MarkLee131
Improper date handling in Django Moderate
CVE-2010-4535 was published for Django (pip) Jul 23, 2018
MarkLee131
Session manipulation in Django Moderate
CVE-2011-4136 was published for Django (pip) Jul 23, 2018
MarkLee131
Mitmweb in mitmproxy allows DNS Rebinding attacks Critical
CVE-2018-14505 was published for mitmproxy (pip) Jul 31, 2018
PyCA Cryptography vulnerable to GCM tag forgery High
CVE-2018-10903 was published for cryptography (pip) Jul 31, 2018
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data High
CVE-2018-1000656 was published for flask (pip) Aug 23, 2018
tdunlap607
Ansible fails to properly mark lookup-plugin results as unsafe Critical
CVE-2017-7481 was published for ansible (pip) Sep 6, 2018
Moderate severity vulnerability that affects mailman Moderate
CVE-2018-13796 was published for mailman (pip) Sep 11, 2018
Topydo Improper Input Validation vulnerability High
CVE-2018-1000523 was published for topydo (pip) Sep 13, 2018
Improper Input Validation in ansible Moderate
CVE-2016-8647 was published for ansible (pip) Oct 10, 2018
Improper Input Validation in kdcproxy High
CVE-2015-5159 was published for kdcproxy (pip) Nov 1, 2018
python-gnupg vulnerable to shell injection Critical
CVE-2014-1929 was published for python-gnupg (pip) Nov 6, 2018
python-gnupg's shell_quote function does not properly escape characters High
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
python-gnupg's shell_quote function does not properly quote strings High
CVE-2014-1927 was published for python-gnupg (pip) Nov 6, 2018
Bleach URI Scheme Restriction Bypass Critical
CVE-2018-7753 was published for bleach (pip) Jan 4, 2019
privacyIDEA Improper Input Validation vulnerability High
CVE-2018-1000809 was published for privacyIDEA (pip) Jan 14, 2019
Improper Input Validation in Django Moderate
CVE-2019-3498 was published for Django (pip) Jan 14, 2019
modulemd uses an unsafe function for processing externally provided data Critical
CVE-2017-1002157 was published for modulemd (pip) Jan 17, 2019
Improper Input Validation in Apache Airflow resulting in Remote Code Execution High
CVE-2017-15720 was published for apache-airflow (pip) Jan 25, 2019
sunSUNQ