Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,258 advisories

Loading
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible Moderate
CVE-2019-14864 was published for ansible (pip) Feb 26, 2020
XSS in Bleach when noscript and raw tag whitelisted Moderate
CVE-2020-6802 was published for bleach (pip) Feb 24, 2020
SQL injection in Django Critical
CVE-2020-7471 was published for Django (pip) Feb 11, 2020
Catastrophic backtracking in regex allows Denial of Service in Waitress Moderate
CVE-2020-5236 was published for waitress (pip) Feb 4, 2020
Feedgen Vulnerable to XML Denial of Service Attacks Moderate
CVE-2020-5227 was published for feedgen (pip) Jan 28, 2020
Segmentation faultin TensorFlow when converting a Python string to `tf.float16` High
CVE-2020-5215 was published for tensorflow (pip) Jan 28, 2020
Session key exposure through session list in Django User Sessions Moderate
CVE-2020-5224 was published for django-user-sessions (pip) Jan 24, 2020
Uncontrolled resource consumption in validators Python package High
CVE-2019-19588 was published for validators (pip) Jan 21, 2020
Django Potential account hijack via password reset form Critical
CVE-2019-19844 was published for Django (pip) Jan 16, 2020
Local Privilege Escalation in PyInstaller High
CVE-2019-16784 was published for PyInstaller (pip) Jan 16, 2020
faridtsl lnv42
htgoebel
HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up) High
CVE-2019-16789 was published for waitress (pip) Jan 6, 2020
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress High
GHSA-m5ff-3wj3-8ph4 was published for waitress (pip) Dec 26, 2019
HTTP Request Smuggling: Content-Length Sent Twice in Waitress Critical
GHSA-4ppp-gpcr-7qf6 was published for waitress (pip) Dec 20, 2019
HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress High
CVE-2019-16786 was published for waitress (pip) Dec 20, 2019
HTTP Request Smuggling: LF vs CRLF handling in Waitress High
CVE-2019-16785 was published for waitress (pip) Dec 20, 2019
Python Twisted trustRoot is not respected in HTTP client High
CVE-2014-7143 was published for twisted (pip) Dec 17, 2019
Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow Low
CVE-2019-16778 was published for tensorflow (pip) Dec 16, 2019
Django allows unintended model editing Moderate
CVE-2019-19118 was published for Django (pip) Dec 4, 2019
sunSUNQ
Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA Moderate
GHSA-2mrj-435v-c2cr was published for ecdsa (pip) Dec 2, 2019 withdrawn
typed-ast Out-of-bounds Read High
CVE-2019-19275 was published for typed-ast (pip) Dec 2, 2019
typed-ast Out-of-bounds Read High
CVE-2019-19274 was published for typed-ast (pip) Dec 2, 2019
fritzdal
2FA bypass in Wagtail through new device path High
CVE-2019-16766 was published for wagtail-2fa (pip) Nov 29, 2019
Apache Airflow vulnerable to XSS and local file disclosure Moderate
CVE-2019-12417 was published for airflow (pip) Nov 22, 2019
sunSUNQ
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts Critical
CVE-2019-17206 was published for rediswrapper (pip) Nov 20, 2019
Possible remote code execution via a remote procedure call High
GHSA-9ggp-4jpr-7ppj was published for rpyc (pip) Nov 20, 2019 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database