GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,083
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,644
NuGet: 638
pip: 3,260
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
3,260 advisories

websockets is vulnerable to denial of service by memory exhaustion
Severity: High. CVE-2018-1000518 was published for websockets (pip) on Sep 17, 2018

Django allows unprivileged users to read the password hashes of arbitrary accounts
Severity: Moderate. CVE-2018-16984 was published for django (pip) on Oct 3, 2018

Django vulnerable to information leakage in AuthenticationForm
Severity: High. CVE-2018-6188 was published for Django (pip) on Oct 3, 2018

Paramiko Authentication Bypass vulnerability
Severity: High. CVE-2018-1000805 was published for paramiko (pip) on Oct 10, 2018

Pyopenssl Incorrect Memory Management
Severity: Moderate. CVE-2018-1000808 was published for pyopenssl (pip) on Oct 10, 2018

PyOpenSSL Use-After-Free vulnerability
Severity: High. CVE-2018-1000807 was published for pyopenssl (pip) on Oct 10, 2018

In marshmallow library the schema "only" option treats an empty list as implying no "only" option
Severity: Moderate. CVE-2018-17175 was published for marshmallow (pip) on Oct 10, 2018

Ansible is vulnerable to an improper input validation in Ansible's handling of data sent from client systems
Severity: High. CVE-2016-9587 was published for ansible (pip) on Oct 10, 2018

Ansible fails to properly sanitize fact variables sent from the Ansible controller
Severity: Critical. CVE-2016-8628 was published for ansible (pip) on Oct 10, 2018

Ansible exposes sensitive data in log files and on the terminal
Severity: Moderate. CVE-2018-10855 was published for ansible (pip) on Oct 10, 2018

Ansible apt_key module does not properly verify key fingerprint
Severity: High. CVE-2016-8614 was published for ansible (pip) on Oct 10, 2018

Improper Input Validation in ansible
Severity: Moderate. CVE-2016-8647 was published for ansible (pip) on Oct 10, 2018

Ansible fails to cache SSH host keys
Severity: High. CVE-2013-2233 was published for ansible (pip) on Oct 10, 2018

Ansible does not verify that the server hostname matches a domain name in certificates
Severity: High. CVE-2015-3908 was published for ansible (pip) on Oct 10, 2018

conference-scheduler-cli Arbitrary Code Execution
Severity: High. CVE-2018-14572 was published for conference-scheduler-cli (pip) on Oct 29, 2018

Insufficiently Protected Credentials in Requests
Severity: High. CVE-2018-18074 was published for requests (pip) on Oct 29, 2018

Improper Input Validation in kdcproxy
Severity: High. CVE-2015-5159 was published for kdcproxy (pip) on Nov 1, 2018

python-gnupg vulnerable to shell injection
Severity: Moderate. CVE-2014-1929 was published for python-gnupg (pip) on Nov 6, 2018

Moderate severity vulnerability that affects python-gnupg
Severity: Moderate. CVE-2014-1928 was published for python-gnupg (pip) on Nov 6, 2018

High severity vulnerability that affects python-gnupg
Severity: High. CVE-2013-7323 was published for python-gnupg (pip) on Nov 6, 2018

High severity vulnerability that affects python-gnupg
Severity: High. CVE-2014-1927 was published for python-gnupg (pip) on Nov 6, 2018

Deserialization of Untrusted Data in superset
Severity: Critical. CVE-2018-8021 was published for superset (pip) on Nov 9, 2018

ProTip! Advisories are also available from the GraphQL API