Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

70 advisories

Loading
Django Allows Open Redirects High
CVE-2014-3730 was published for Django (pip) May 14, 2022
Mesop has a local file Inclusion via static file serving functionality High
CVE-2024-45601 was published for mesop (pip) Sep 18, 2024
Letm3through
Django Allows Arbitrary URL Generation High
CVE-2012-4520 was published for django (pip) May 17, 2022
Django Vulnerable to HTTP Response Splitting Attack High
CVE-2015-5144 was published for Django (pip) May 17, 2022
sunSUNQ
Django Incorrectly Validates URLs High
CVE-2014-0480 was published for Django (pip) May 14, 2022
Django Image Field Vulnerable to Image Decompression Bombs High
CVE-2012-3443 was published for Django (pip) May 17, 2022
Django Vulnerable to Cache Poisoning High
CVE-2011-4139 was published for Django (pip) May 14, 2022
Django Might Allow CSRF Requests via URL Verification High
CVE-2011-4138 was published for Django (pip) May 14, 2022
Improper input validation in cryptography High
CVE-2016-9243 was published for cryptography (pip) May 17, 2022
jhutchings1
PyCA Cryptography vulnerable to GCM tag forgery High
CVE-2018-10903 was published for cryptography (pip) Jul 31, 2018
Bottle does not properly limit content-types High
CVE-2014-3137 was published for bottle (pip) May 17, 2022
cfscrape Improper Input Validation vulnerability High
CVE-2017-7235 was published for cfscrape (pip) Jul 13, 2018
apache-airflow-providers-apache-drill Improper Input Validation vulnerability High
CVE-2023-39553 was published for apache-airflow-providers-apache-drill (pip) Aug 11, 2023
Apache Airflow Drill Provider vulnerable to improper input validation High
CVE-2023-28707 was published for apache-airflow-providers-apache-drill (pip) Apr 7, 2023
Improper Input Validation in Apache Airflow resulting in Remote Code Execution High
CVE-2017-15720 was published for apache-airflow (pip) Jan 25, 2019
sunSUNQ
Ansible Improper Input Validation vulnerability High
CVE-2018-10874 was published for ansible (pip) May 13, 2022
OS Command Injection and Improper Input Validation in ansible High
CVE-2019-14904 was published for ansible (pip) Apr 20, 2021
Improper Input Validation and Command Injection in Ansible High
CVE-2021-3583 was published for ansible (pip) Sep 23, 2021
Ansible is vulnerable to an improper input validation in Ansible's handling of data sent from client systems High
CVE-2016-9587 was published for ansible (pip) Oct 10, 2018
Ansible Arbitrary Code Execution High
CVE-2017-7466 was published for ansible (pip) May 13, 2022
Ansible Arbitrary Code Execution High
CVE-2014-3498 was published for ansible (pip) May 14, 2022
ansible-runner vulnerable to shell command injection High
CVE-2021-4041 was published for ansible-runner (pip) Aug 25, 2022
Improper Input Validation in Google TensorFlow High
CVE-2018-7577 was published for tensorflow (pip) Apr 30, 2019
Weave server API vulnerable to arbitrary file leak High
CVE-2024-7340 was published for weave (pip) Jul 31, 2024
Apache Avro Java SDK vulnerable to Improper Input Validation High
CVE-2023-39410 was published for avro (Maven) Sep 29, 2023
ProTip! Advisories are also available from the GraphQL API