Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

53 advisories

Loading
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607
Command Injection in Pygments Critical
CVE-2015-8557 was published for Pygments (pip) May 17, 2022
tdunlap607
Sentry vulnerable to invite code reuse via cookie manipulation Moderate
CVE-2022-23485 was published for sentry (pip) Dec 12, 2022
tdunlap607
Uncontrolled Resource Consumption in asyncua and opcua High
CVE-2022-25304 was published for asyncua (pip) Aug 24, 2022
GoetzGoerisch tdunlap607
pysaml2 Improper Authentication vulnerability High
CVE-2017-1000433 was published for pysaml2 (pip) Jul 13, 2018
tdunlap607
Plone Code Injection vulnerability High
CVE-2012-5488 was published for Plone (pip) May 17, 2022
tdunlap607
Deserialization of Untrusted Data in ParlAI Moderate
CVE-2021-24040 was published for parlai (pip) Sep 13, 2021
tdunlap607
XML External Entity Injection in PyWPS High
CVE-2021-39371 was published for pywps (pip) Sep 2, 2021
tdunlap607
Buffer Overflow in Pillow Critical
CVE-2021-34552 was published for pillow (pip) Oct 5, 2021
tdunlap607
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui High
GHSA-v988-828w-xvf2 was published for rucio-webui (pip) Oct 22, 2021
tdunlap607
Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields Moderate
CVE-2021-29434 was published for wagtail (pip) Apr 20, 2021
kevthehermit gasman
tdunlap607
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file Moderate
CVE-2015-5163 was published for glance (pip) May 17, 2022
tdunlap607
open redirect in pollbot Moderate
CVE-2022-0637 was published for pollbot (pip) Feb 16, 2022
sampritdas8 tdunlap607
Plone User account enumeration via crafted URL Moderate
CVE-2012-5497 was published for plone (pip) May 17, 2022
tdunlap607
PyKMIP Denial of service vulnerability Moderate
CVE-2018-1000872 was published for pykmip (pip) Dec 21, 2018
tdunlap607
Improper Input Validation in PyYAML Critical
CVE-2020-1747 was published for pyyaml (pip) Apr 20, 2021
tdunlap607
Cross-site Scripting in Mistune Moderate
CVE-2017-15612 was published for mistune (pip) May 17, 2022
tdunlap607
cleo is vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2022-42966 was published for cleo (pip) Nov 10, 2022
neersighted tdunlap607
Out-of-bounds Read in Pillow Moderate
CVE-2022-22816 was published for Pillow (pip) Jan 12, 2022
tdunlap607
Regular Expression Denial of Service (ReDoS) in Jinja2 Moderate
CVE-2020-28493 was published for jinja2 (pip) Mar 19, 2021
tdunlap607
CRLF Injection in pypiserver Moderate
CVE-2019-6802 was published for pypiserver (pip) Jan 30, 2019
tdunlap607
Session Fixation in ipsilon Critical
CVE-2016-8638 was published for ipsilon (pip) May 14, 2022
tdunlap607
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
tdunlap607
PyOpenSSL Use-After-Free vulnerability High
CVE-2018-1000807 was published for pyopenssl (pip) Oct 10, 2018
tdunlap607
Improper Certificate Validation in urllib3 High
CVE-2019-11324 was published for urllib3 (pip) Apr 19, 2019
tdunlap607
ProTip! Advisories are also available from the GraphQL API