GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
365 advisories
Filter by severity
aubio Buffer Overflow vulnerability
Critical
CVE-2018-19800
was published
for
aubio
(pip)
Jul 26, 2019
ipycache is vulnerable to Code Injection
Critical
CVE-2019-7539
was published
for
ipycache
(pip)
Mar 25, 2019
ReviewBoard and Djblets library are vulnerable to code execution
Critical
CVE-2013-4409
was published
for
ReviewBoard
(pip)
May 5, 2022
Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control
Critical
CVE-2022-37298
was published
for
Shinken
(pip)
Oct 20, 2022
Duplicate Advisory: Incorrect Authorization in Gerapy
Critical
CVE-2021-44597
was published
for
gerapy
(pip)
Mar 11, 2022
•
withdrawn
Improper Authentication in requests-kerberos
Critical
CVE-2014-8650
was published
for
requests-kerberos
(pip)
Mar 10, 2020
Plone Unauthenticated Write Vulnerability
Critical
CVE-2020-7941
was published
for
Plone
(pip)
May 24, 2022
Scalyr Agent 2 Missing SSL Certificate Validation
Critical
CVE-2020-24715
was published
for
scalyr-agent-2
(pip)
May 24, 2022
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
Critical
CVE-2020-10594
was published
for
drf-jwt
(pip)
Jun 5, 2020
Loaded Databook of Tablib prone to python insertion resulting in command execution
Critical
CVE-2017-2810
was published
for
tablib
(pip)
Jul 13, 2018
Ansible fails to properly sanitize fact variables sent from the Ansible controller
Critical
CVE-2016-8628
was published
for
ansible
(pip)
Oct 10, 2018
Deserialization of Untrusted Data in superset
Critical
CVE-2018-8021
was published
for
superset
(pip)
Nov 9, 2018
Ansible fails to properly mark lookup-plugin results as unsafe
Critical
CVE-2017-7481
was published
for
ansible
(pip)
Sep 6, 2018
Unsafe deserialization in MLAlchemy
Critical
CVE-2017-16615
was published
for
MLAlchemy
(pip)
Jul 13, 2018
remote code execution via cache action in MoinMoin
Critical
CVE-2020-25074
was published
for
moin
(pip)
Nov 11, 2020
Arbitrary code execution in clickhouse-driver
Critical
CVE-2020-26759
was published
for
clickhouse-driver
(pip)
Apr 7, 2021
Improper Input Validation in PyYAML
Critical
CVE-2020-14343
was published
for
PyYAML
(pip)
Mar 25, 2021
Arbitrary code execution due to YAML deserialization
Critical
CVE-2021-37678
was published
for
tensorflow
(pip)
Aug 25, 2021
Missing Authentication for Critical Function in Apache Airflow
Critical
CVE-2021-38540
was published
for
apache-airflow
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API