GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,002 advisories
Filter by severity
Denial of Service in OpenCV
High
CVE-2017-12600
was published
for
opencv-contrib-python
(pip)
Oct 12, 2021
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
High
CVE-2019-13611
was published
for
python-engineio
(pip)
Jul 30, 2019
CoAPthon3 vulnerable to Deserialization of Untrusted Data
High
CVE-2018-12679
was published
for
CoAPthon3
(pip)
Apr 8, 2019
Improper Validation of Integrity Check Value in TensorFlow
High
GHSA-43q8-3fv7-pr5x
was published
for
tensorflow
(pip)
Feb 9, 2022
Server crash if running Python 3.10 w/ Sanic 20.12
High
GHSA-7p79-6x2v-5h88
was published
for
sanic
(pip)
Feb 16, 2022
Cross Site Scripting vulnerability in django-jsonform's admin form.
High
GHSA-x9jp-4w8m-4f3c
was published
for
django-jsonform
(pip)
Jun 10, 2022
XSS Vulnerability in Markdown Editor
High
GHSA-85q9-7467-r53q
was published
for
inventree
(pip)
Jun 17, 2022
Insufficient HTML Sanitization
High
GHSA-rm89-9g65-4ffr
was published
for
inventree
(pip)
Jun 17, 2022
SentinelOne impersonated via PyPI packages
High
GHSA-g86j-hwg9-77q5
was published
for
SentinelOne
(pip)
Dec 27, 2022
Missing Initialization of Resource in Apache Arrow
High
CVE-2019-12408
was published
for
pyarrow
(RubyGems)
May 24, 2022
Missing Initialization of Resource in Apache Arrow
High
CVE-2019-12410
was published
for
pyarrow
(RubyGems)
May 24, 2022
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
High
CVE-2022-43719
was published
for
apache-superset
(pip)
Jan 16, 2023
Improper Certificate Validation in pyload-ng
High
CVE-2023-0509
was published
for
pyload-ng
(pip)
Jan 27, 2023
Cross Site Request Forgery in mailman
High
CVE-2021-44227
was published
for
mailman
(pip)
Dec 16, 2021
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI
High
CVE-2022-25512
was published
for
FreeTAKServer-UI
(pip)
Mar 12, 2022
Command injection in libvcs and vcspull
High
CVE-2022-21187
was published
for
libvcs
(pip)
Mar 15, 2022
Hard coded credentials in FreeTAKServer
High
CVE-2022-25510
was published
for
FreeTAKServer
(pip)
Mar 12, 2022
Allocation of Resources Without Limits or Throttling in nvflare
High
CVE-2022-21822
was published
for
nvflare
(pip)
Mar 18, 2022
HTTP Request Smuggling in waitress
High
CVE-2022-24761
was published
for
waitress
(pip)
Mar 18, 2022
Insertion of Sensitive Information into Log File in Jupyter notebook
High
CVE-2022-24757
was published
for
jupyter-server
(pip)
Mar 25, 2022
ProTip!
Advisories are also available from the
GraphQL API