GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,260 advisories

XSS in python-markdown2 Moderate
CVE-2020-11888 was published for markdown2 (pip) Apr 22, 2020
SQL injection in Tortoise ORM Moderate
CVE-2020-11010 was published for tortoise-orm (pip) Apr 20, 2020
Possible XSS attack in Wagtail Moderate
CVE-2020-11001 was published for wagtail (pip) Apr 14, 2020
Uncontrolled Resource Consumption in Pillow High
CVE-2019-19911 was published for Pillow (pip) Apr 1, 2020
Out-of-bounds Read in Pillow High
CVE-2020-5313 was published for Pillow (pip) Apr 1, 2020
Improper Verification of Cryptographic Signature in Pure-Python ECDSA Critical
CVE-2019-14859 was published for ecdsa (pip) Apr 1, 2020
Improper Input Validation in Twisted Critical
CVE-2020-10108 was published for Twisted (pip) Mar 31, 2020
HTTP Request Smuggling in Twisted Critical
CVE-2020-10109 was published for Twisted (pip) Mar 31, 2020
regular expression denial-of-service (ReDoS) in Bleach High
CVE-2020-6817 was published for bleach (pip) Mar 30, 2020
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used Low
GHSA-mr6r-mvw4-736g was published for vyper (pip) Mar 25, 2020
Malicious package may avoid detection in python auditing Moderate
CVE-2020-5252 was published for safety (pip) Mar 24, 2020
Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag Moderate
CVE-2020-6816 was published for bleach (pip) Mar 24, 2020
GitHub personal access token leaking into temporary EasyBuild (debug) logs Critical
CVE-2020-5262 was published for easybuild-framework (pip) Mar 19, 2020
Potential buffer overflow in psd-tools Critical
CVE-2020-10571 was published for psd-tools (pip) Mar 16, 2020
2FA bypass through deleting devices in wagtail-2fa High
CVE-2020-5240 was published for wagtail-2fa (pip) Mar 13, 2020
python-gnupg allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended Moderate
GHSA-qh62-ch95-63wh was published for python-gnupg (pip) Mar 13, 2020 withdrawn
python-docutils allows insecure usage of temporary files Critical
CVE-2009-5042 was published for docutils (pip) Mar 13, 2020
Double Free in psutil High
CVE-2019-18874 was published for psutil (pip) Mar 12, 2020
Improper Access Control in novajoin High
CVE-2019-10138 was published for novajoin (pip) Mar 12, 2020
Incorrect Default Permissions in keyring High
CVE-2012-5577 was published for keyring (pip) Mar 11, 2020
Link Following in rply Moderate
CVE-2014-1938 was published for rply (pip) Mar 11, 2020
Incorrect Default Permissions in keyring High
CVE-2012-5578 was published for keyring (pip) Mar 10, 2020
Insufficient Verification of Data Authenticity in python-keystoneclient Critical
CVE-2013-2167 was published for python-keystoneclient (pip) Mar 10, 2020
Improper Authentication in requests-kerberos Critical
CVE-2014-8650 was published for requests-kerberos (pip) Mar 10, 2020
Users able to query database metadata in Apache Superset Moderate
CVE-2019-12413 was published for apache-superset (pip) Feb 26, 2020