Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,049 advisories

Loading
typed-ast Out-of-bounds Read High
CVE-2019-19274 was published for typed-ast (pip) Dec 2, 2019
fritzdal
Improper Input Validation in Apache Airflow resulting in Remote Code Execution High
CVE-2017-15720 was published for apache-airflow (pip) Jan 25, 2019
sunSUNQ
Ansible Exposes Sensitive Information High
CVE-2021-20228 was published for ansible (pip) May 25, 2022
Ansible Uses Plugins That Disclose Credentials High
CVE-2019-14846 was published for ansible (pip) May 24, 2022
Ansible Improper Input Validation vulnerability High
CVE-2018-10874 was published for ansible (pip) May 13, 2022
Apache Airflow vulnerable to Improper Encoding or Escaping of Output High
CVE-2024-45498 was published for apache-airflow (pip) Sep 7, 2024
Apache Airflow vulnerable to Execution with Unnecessary Privileges High
CVE-2024-45034 was published for apache-airflow (pip) Sep 7, 2024
OS Command Injection and Improper Input Validation in ansible High
CVE-2019-14904 was published for ansible (pip) Apr 20, 2021
Improper Verification of Cryptographic Signature in ansible High
CVE-2020-14365 was published for ansible (pip) Apr 20, 2021
Ansible unsafe evaluation of some strings High
CVE-2014-2686 was published for ansible (pip) May 17, 2022
HTML injection in JupyterLite leading to DOM Clobbering High
GHSA-gj55-2xf9-67rq was published for jupyterlite-core (pip) Sep 6, 2024
ishmeals jackfromeast
Apache Airflow vulnerable arbitrary code execution via Spark server High
CVE-2023-40195 was published for apache-airflow-providers-apache-spark (pip) Aug 28, 2023
Path Traversal in Ansible High
CVE-2020-1737 was published for ansible (pip) Apr 20, 2021
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible High
CVE-2020-10684 was published for ansible (pip) Apr 7, 2021
Improper Input Validation and Command Injection in Ansible High
CVE-2021-3583 was published for ansible (pip) Sep 23, 2021
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
OS Command Injection in celery High
CVE-2021-23727 was published for celery (pip) Jan 6, 2022
bsdiff4 out-of-bounds write via patch file High
CVE-2020-15904 was published for bsdiff4 (pip) May 24, 2022
Command Injection in Cobbler High
CVE-2021-45082 was published for cobbler (pip) Feb 20, 2022
regular expression denial-of-service (ReDoS) in Bleach High
CVE-2020-6817 was published for bleach (pip) Mar 30, 2020
CoAPthon3 vulnerable to Deserialization of Untrusted Data High
CVE-2018-12679 was published for CoAPthon3 (pip) Apr 8, 2019
Aubio is vulnerable to denial of service via aubio_source_avcodec_readframe function High
CVE-2018-14521 was published for aubio (pip) May 14, 2022
Ansible Arbitrary Code Execution High
CVE-2018-10875 was published for ansible (pip) May 13, 2022
OS Command Injection in bikeshed High
CVE-2021-23422 was published for bikeshed (pip) Aug 30, 2021
Antilles Dependency Confusion Vulnerability High
CVE-2021-3840 was published for antilles-tools (pip) Nov 3, 2021
ProTip! Advisories are also available from the GraphQL API