Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,444 advisories

Loading
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
klaudialax eoftedal
NULL Pointer Dereference in Google TensorFlow Moderate
CVE-2019-9635 was published for tensorflow (pip) Apr 30, 2019
Twisted CRLF Injection Moderate
CVE-2019-12387 was published for twisted (pip) Jun 10, 2019
Django Cross-site Scripting in AdminURLFieldWidget Moderate
CVE-2019-12308 was published for django (pip) Jun 10, 2019
sunSUNQ
Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS Moderate
CVE-2019-12781 was published for django (pip) Jul 3, 2019
Injection vulnerability that affects ironic-discoverd Moderate
CVE-2015-5306 was published for python-ironic-inspector-client (pip) Jul 5, 2019
Moderate severity vulnerability that affects invenio-app Moderate
CVE-2019-1020006 was published for invenio-app (pip) Jul 16, 2019
Cross-site scripting invenio-records Moderate
CVE-2019-1020003 was published for invenio-records (pip) Jul 16, 2019
Cross-site Scripting in invenio-previewer Moderate
CVE-2019-1020019 was published for invenio-previewer (pip) Jul 16, 2019
Cross-site Scripting in invenio-communities Moderate
CVE-2019-1020005 was published for invenio-communities (pip) Jul 16, 2019
tdunlap607
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2019-10156 was published for ansible (pip) Jul 31, 2019
tdunlap607
Cross-site scripting in recommender-xblock Moderate
CVE-2018-20858 was published for recommender-xblock (pip) Aug 21, 2019
Cross-site Scripting in django-js-reverse Moderate
CVE-2019-15486 was published for django-js-reverse (pip) Aug 27, 2019
tdunlap607
Cross-site scripting in Jupyter Notebook Moderate
CVE-2018-21030 was published for notebook (pip) Nov 8, 2019
Apache Airflow vulnerable to XSS and local file disclosure Moderate
CVE-2019-12417 was published for apache-airflow (pip) Nov 22, 2019
sunSUNQ
possible DoS caused by malformed signature decoding in Pure-Python ECDSA Moderate
GHSA-2mrj-435v-c2cr was published for ecdsa (pip) Dec 2, 2019 withdrawn
Django allows unintended model editing Moderate
CVE-2019-19118 was published for django (pip) Dec 4, 2019
sunSUNQ
Catastrophic backtracking in regex allows Denial of Service in Waitress Moderate
CVE-2020-5236 was published for waitress (pip) Feb 4, 2020
XSS in Bleach when noscript and raw tag whitelisted Moderate
CVE-2020-6802 was published for bleach (pip) Feb 24, 2020
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible Moderate
CVE-2019-14864 was published for ansible (pip) Feb 26, 2020
Information disclosure in Apache Superset Moderate
CVE-2020-1932 was published for apache-superset (pip) Feb 26, 2020
Users can view database names in Apache Superset Moderate
CVE-2019-12414 was published for apache-superset (pip) Feb 26, 2020
Users able to query database metadata in Apache Superset Moderate
CVE-2019-12413 was published for apache-superset (pip) Feb 26, 2020
Incorrect Default Permissions in keyring Moderate
CVE-2012-5578 was published for keyring (pip) Mar 10, 2020
Link Following in rply Moderate
CVE-2014-1938 was published for rply (pip) Mar 11, 2020
ProTip! Advisories are also available from the GraphQL API