
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

365 advisories

aubio Buffer Overflow vulnerability Critical
CVE-2018-19800 was published for aubio (pip) Jul 26, 2019
ipycache is vulnerable to Code Injection Critical
CVE-2019-7539 was published for ipycache (pip) Mar 25, 2019
Ansible Remote Code Execution Critical
CVE-2014-4657 was published for ansible (pip) May 17, 2022
Code injection in ymlref Critical
CVE-2018-20133 was published for ymlref (pip) Dec 19, 2018
ReviewBoard and Djblets library are vulnerable to code execution Critical
CVE-2013-4409 was published for ReviewBoard (pip) May 5, 2022
Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control Critical
CVE-2022-37298 was published for Shinken (pip) Oct 20, 2022
Duplicate Advisory: Incorrect Authorization in Gerapy Critical
CVE-2021-44597 was published for gerapy (pip) Mar 11, 2022 withdrawn
XML Injection in ReportLab Critical
CVE-2019-17626 was published for reportlab (pip) May 24, 2022
Improper Authentication in requests-kerberos Critical
CVE-2014-8650 was published for requests-kerberos (pip) Mar 10, 2020
SQL injection in Django Critical
CVE-2020-7471 was published for django (pip) Feb 11, 2020
Plone Unauthenticated Write Vulnerability Critical
CVE-2020-7941 was published for Plone (pip) May 24, 2022
Scalyr Agent 2 Missing SSL Certificate Validation Critical
CVE-2020-24715 was published for scalyr-agent-2 (pip) May 24, 2022
Django Rest Framework jwt allows obtaining new token from notionally invalidated token Critical
CVE-2020-10594 was published for drf-jwt (pip) Jun 5, 2020
Loaded Databook of Tablib prone to python insertion resulting in command execution Critical
CVE-2017-2810 was published for tablib (pip) Jul 13, 2018
SQL Injection in pycsw Critical
CVE-2016-8640 was published for pycsw (pip) Aug 15, 2018
Ansible fails to properly sanitize fact variables sent from the Ansible controller Critical
CVE-2016-8628 was published for ansible (pip) Oct 10, 2018
Deserialization of Untrusted Data in superset Critical
CVE-2018-8021 was published for superset (pip) Nov 9, 2018
Ansible fails to properly mark lookup-plugin results as unsafe Critical
CVE-2017-7481 was published for ansible (pip) Sep 6, 2018
Unsafe deserialization in MLAlchemy Critical
CVE-2017-16615 was published for MLAlchemy (pip) Jul 13, 2018
Command injection in Gerapy Critical
CVE-2020-7698 was published for gerapy (pip) May 6, 2021
remote code execution via cache action in MoinMoin Critical
CVE-2020-25074 was published for moin (pip) Nov 11, 2020
Arbitrary code execution in clickhouse-driver Critical
CVE-2020-26759 was published for clickhouse-driver (pip) Apr 7, 2021
Improper Input Validation in PyYAML Critical
CVE-2020-14343 was published for PyYAML (pip) Mar 25, 2021
Arbitrary code execution due to YAML deserialization Critical
CVE-2021-37678 was published for tensorflow (pip) Aug 25, 2021
Missing Authentication for Critical Function in Apache Airflow Critical
CVE-2021-38540 was published for apache-airflow (pip) May 24, 2022