GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,081
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,642
NuGet: 638
pip: 3,258
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
3,258 advisories
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible
Moderate • CVE-2019-14864 was published for ansible (pip) • Feb 26, 2020
XSS in Bleach when noscript and raw tag whitelisted
Moderate • CVE-2020-6802 was published for bleach (pip) • Feb 24, 2020
Catastrophic backtracking in regex allows Denial of Service in Waitress
Moderate • CVE-2020-5236 was published for waitress (pip) • Feb 4, 2020
Feedgen Vulnerable to XML Denial of Service Attacks
Moderate • CVE-2020-5227 was published for feedgen (pip) • Jan 28, 2020
Segmentation fault in TensorFlow when converting a Python string to `tf.float16`
High • CVE-2020-5215 was published for tensorflow (pip) • Jan 28, 2020
Session key exposure through session list in Django User Sessions
Moderate • CVE-2020-5224 was published for django-user-sessions (pip) • Jan 24, 2020
Uncontrolled resource consumption in validators Python package
High • CVE-2019-19588 was published for validators (pip) • Jan 21, 2020
Django Potential account hijack via password reset form
Critical • CVE-2019-19844 was published for Django (pip) • Jan 16, 2020
Local Privilege Escalation in PyInstaller
High • CVE-2019-16784 was published for PyInstaller (pip) • Jan 16, 2020
HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up)
High • CVE-2019-16789 was published for waitress (pip) • Jan 6, 2020
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
High • GHSA-m5ff-3wj3-8ph4 was published for waitress (pip) • Dec 26, 2019
HTTP Request Smuggling: Content-Length Sent Twice in Waitress
Critical • GHSA-4ppp-gpcr-7qf6 was published for waitress (pip) • Dec 20, 2019
HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress
High • CVE-2019-16786 was published for waitress (pip) • Dec 20, 2019
HTTP Request Smuggling: LF vs CRLF handling in Waitress
High • CVE-2019-16785 was published for waitress (pip) • Dec 20, 2019
Python Twisted trustRoot is not respected in HTTP client
High • CVE-2014-7143 was published for twisted (pip) • Dec 17, 2019
Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow
Low • CVE-2019-16778 was published for tensorflow (pip) • Dec 16, 2019
Django allows unintended model editing
Moderate • CVE-2019-19118 was published for Django (pip) • Dec 4, 2019
Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA
Moderate • GHSA-2mrj-435v-c2cr was published for ecdsa (pip) • Dec 2, 2019 • withdrawn
2FA bypass in Wagtail through new device path
High • CVE-2019-16766 was published for wagtail-2fa (pip) • Nov 29, 2019
Apache Airflow vulnerable to XSS and local file disclosure
Moderate • CVE-2019-12417 was published for airflow (pip) • Nov 22, 2019
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts
Critical • CVE-2019-17206 was published for rediswrapper (pip) • Nov 20, 2019
Possible remote code execution via a remote procedure call
High • GHSA-9ggp-4jpr-7ppj was published for rpyc (pip) • Nov 20, 2019 • withdrawn
ProTip! Advisories are also available from the GraphQL API