GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,002 advisories

High severity vulnerability that affects Jinja2 High
CVE-2016-10745 was published for Jinja2 (pip) Apr 10, 2019
High severity vulnerability that affects postfix-mta-sts-resolver High
CVE-2019-16791 was published for postfix-mta-sts-resolver (pip) Jul 5, 2019
Moderate severity vulnerability that affects splunk-sdk High
CVE-2019-5729 was published for splunk-sdk (pip) Mar 25, 2019
Ansible apt_key module does not properly verify key fingerprint High
CVE-2016-8614 was published for ansible (pip) Oct 10, 2018
High severity vulnerability that affects python-gnupg High
CVE-2013-7323 was published for python-gnupg (pip) Nov 6, 2018
Jupyter Notebook file bypasses sanitization, executes JavaScript High
CVE-2018-8768 was published for notebook (pip) Jul 12, 2018
High severity vulnerability that affects mercurial High
CVE-2017-9462 was published for mercurial (pip) Jul 13, 2018
High severity vulnerability that affects indico High
GHSA-67cx-rhhq-mfhq was published for indico (pip) Oct 11, 2019
Ansible fails to cache SSH host keys High
CVE-2013-2233 was published for ansible (pip) Oct 10, 2018
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers High
CVE-2018-1000164 was published for gunicorn (pip) Jul 12, 2018
Mitmweb in mitmproxy allows DNS Rebinding attacks High
CVE-2018-14505 was published for mitmproxy (pip) Jul 31, 2018
High severity vulnerability that affects privacyIDEA High
CVE-2018-1000809 was published for privacyIDEA (pip) Jan 14, 2019
Pycrypto generates weak key parameters High
CVE-2018-6594 was published for pycrypto (pip) Jul 12, 2018
High severity vulnerability that affects cfscrape High
CVE-2017-7235 was published for cfscrape (pip) Jul 13, 2018
Incorrect Default Permissions in keyring High
CVE-2012-5577 was published for keyring (pip) Mar 11, 2020
Uncontrolled Resource Consumption in Indy Node High
CVE-2020-11090 was published for indy-node (pip) Jun 11, 2020
2FA bypass through deleting devices in wagtail-2fa High
CVE-2020-5240 was published for wagtail-2fa (pip) Mar 13, 2020
Double Free in psutil High
CVE-2019-18874 was published for psutil (pip) Mar 12, 2020
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
JLLeitschuh alex
orangetw
Feedgen Vulnerable to XML Denial of Service Attacks High
CVE-2020-5227 was published for feedgen (pip) Jan 28, 2020
Uncontrolled resource consumption in validators Python package High
CVE-2019-19588 was published for validators (pip) Jan 21, 2020
Segmentation fault in TensorFlow when converting a Python string to `tf.float16` High
CVE-2020-5215 was published for tensorflow (pip) Jan 28, 2020
Local Privilege Escalation in PyInstaller High
CVE-2019-16784 was published for PyInstaller (pip) Jan 16, 2020
faridtsl lnv42
htgoebel
Possible remote code execution via a remote procedure call High
GHSA-9ggp-4jpr-7ppj was published for rpyc (pip) Nov 20, 2019 withdrawn
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022