Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,002 advisories

Loading
Kallithea cross-site request forgery (CSRF) vulnerability High
CVE-2015-0276 was published for Kallithea (pip) May 13, 2022
OpenStack Nova-LXD bypass security restrictions High
CVE-2017-5936 was published for nova-lxd (pip) May 13, 2022
SaltStack RSA Key Generation allows remote users to decrypt communications High
CVE-2013-2228 was published for salt (pip) May 5, 2022
Infinite Loop in Django High
CVE-2022-23833 was published for Django (pip) Feb 4, 2022
tdunlap607 MarkLee131
Django XSS Vulnerability High
CVE-2016-2512 was published for django (pip) May 17, 2022
MarkLee131
Django CSRF Protection Bypass High
CVE-2016-7401 was published for django (pip) May 14, 2022
MarkLee131
Django DNS Rebinding Vulnerability High
CVE-2016-9014 was published for django (pip) May 17, 2022
MarkLee131
Django Information leakage in AuthenticationForm High
CVE-2018-6188 was published for django (pip) Oct 3, 2018
MarkLee131
Litestar and Starlite vulnerable to Path Traversal High
CVE-2024-32982 was published for litestar (pip) May 6, 2024
brian-edgar-re
Arbitrary HTML present after sanitization because of unicode normalization High
CVE-2024-34078 was published for html-sanitizer (pip) May 6, 2024
yzueger
sagemaker-python-sdk Command Injection vulnerability High
CVE-2024-34073 was published for sagemaker (pip) May 3, 2024
Kasimir123
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data High
CVE-2024-34072 was published for sagemaker (pip) May 3, 2024
Kasimir123
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests High
CVE-2024-30251 was published for aiohttp (pip) May 3, 2024
bytehope
fonttools XML External Entity Injection (XXE) Vulnerability High
CVE-2023-45139 was published for fonttools (pip) Jan 9, 2024
acornall
OpenStack Storlets arbitrary code execution vulnerability High
CVE-2024-28717 was published for storlets (pip) Apr 22, 2024
SaltStack Salt Improper SSL Certificate Validation High
CVE-2020-35662 was published for salt (pip) May 24, 2022
Django Denial-of-service in django.utils.text.Truncator High
CVE-2019-14232 was published for django (pip) Aug 6, 2019
Mercurial vulnerable to arbitrary code execution when converting Git repos High
CVE-2016-3105 was published for mercurial (pip) May 17, 2022
Mercurial Improper Input Validation vulnerability High
CVE-2018-13348 was published for mercurial (pip) May 13, 2022
Mercurial Improper Input Validation vulnerability High
CVE-2018-13346 was published for mercurial (pip) May 13, 2022
Mercurial missing symlink check High
CVE-2017-1000115 was published for mercurial (pip) May 14, 2022
Mercurial vulnerable to arbitrary code execution via a crafted name when converting a Git repository High
CVE-2016-3069 was published for mercurial (pip) May 14, 2022
Mercurial arbitrary code execution vulnerability High
CVE-2016-3630 was published for mercurial (pip) May 14, 2022
Mercurial arbitrary code execution via a crafted git ext:: URL High
CVE-2016-3068 was published for mercurial (pip) May 14, 2022
Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command High
CVE-2014-9462 was published for mercurial (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API