GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,444 advisories
Filter by severity
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
NULL Pointer Dereference in Google TensorFlow
Moderate
CVE-2019-9635
was published
for
tensorflow
(pip)
Apr 30, 2019
Django Cross-site Scripting in AdminURLFieldWidget
Moderate
CVE-2019-12308
was published
for
django
(pip)
Jun 10, 2019
Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Moderate
CVE-2019-12781
was published
for
django
(pip)
Jul 3, 2019
Injection vulnerability that affects ironic-discoverd
Moderate
CVE-2015-5306
was published
for
python-ironic-inspector-client
(pip)
Jul 5, 2019
Moderate severity vulnerability that affects invenio-app
Moderate
CVE-2019-1020006
was published
for
invenio-app
(pip)
Jul 16, 2019
Cross-site scripting invenio-records
Moderate
CVE-2019-1020003
was published
for
invenio-records
(pip)
Jul 16, 2019
Cross-site Scripting in invenio-previewer
Moderate
CVE-2019-1020019
was published
for
invenio-previewer
(pip)
Jul 16, 2019
Cross-site Scripting in invenio-communities
Moderate
CVE-2019-1020005
was published
for
invenio-communities
(pip)
Jul 16, 2019
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate
CVE-2019-10156
was published
for
ansible
(pip)
Jul 31, 2019
Cross-site scripting in recommender-xblock
Moderate
CVE-2018-20858
was published
for
recommender-xblock
(pip)
Aug 21, 2019
Cross-site Scripting in django-js-reverse
Moderate
CVE-2019-15486
was published
for
django-js-reverse
(pip)
Aug 27, 2019
Cross-site scripting in Jupyter Notebook
Moderate
CVE-2018-21030
was published
for
notebook
(pip)
Nov 8, 2019
Apache Airflow vulnerable to XSS and local file disclosure
Moderate
CVE-2019-12417
was published
for
apache-airflow
(pip)
Nov 22, 2019
possible DoS caused by malformed signature decoding in Pure-Python ECDSA
Moderate
GHSA-2mrj-435v-c2cr
was published
for
ecdsa
(pip)
Dec 2, 2019
•
withdrawn
Django allows unintended model editing
Moderate
CVE-2019-19118
was published
for
django
(pip)
Dec 4, 2019
Catastrophic backtracking in regex allows Denial of Service in Waitress
Moderate
CVE-2020-5236
was published
for
waitress
(pip)
Feb 4, 2020
XSS in Bleach when noscript and raw tag whitelisted
Moderate
CVE-2020-6802
was published
for
bleach
(pip)
Feb 24, 2020
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible
Moderate
CVE-2019-14864
was published
for
ansible
(pip)
Feb 26, 2020
Information disclosure in Apache Superset
Moderate
CVE-2020-1932
was published
for
apache-superset
(pip)
Feb 26, 2020
Users can view database names in Apache Superset
Moderate
CVE-2019-12414
was published
for
apache-superset
(pip)
Feb 26, 2020
Users able to query database metadata in Apache Superset
Moderate
CVE-2019-12413
was published
for
apache-superset
(pip)
Feb 26, 2020
Incorrect Default Permissions in keyring
Moderate
CVE-2012-5578
was published
for
keyring
(pip)
Mar 10, 2020
ProTip!
Advisories are also available from the
GraphQL API