GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,002 advisories
High severity vulnerability that affects Jinja2
High | CVE-2016-10745 was published for Jinja2 (pip) | Apr 10, 2019

High severity vulnerability that affects postfix-mta-sts-resolver
High | CVE-2019-16791 was published for postfix-mta-sts-resolver (pip) | Jul 5, 2019

Moderate severity vulnerability that affects splunk-sdk
High | CVE-2019-5729 was published for splunk-sdk (pip) | Mar 25, 2019

Ansible apt_key module does not properly verify key fingerprint
High | CVE-2016-8614 was published for ansible (pip) | Oct 10, 2018

High severity vulnerability that affects python-gnupg
High | CVE-2013-7323 was published for python-gnupg (pip) | Nov 6, 2018

Jupyter Notebook file bypasses sanitization, executes JavaScript
High | CVE-2018-8768 was published for notebook (pip) | Jul 12, 2018

High severity vulnerability that affects mercurial
High | CVE-2017-9462 was published for mercurial (pip) | Jul 13, 2018

High severity vulnerability that affects indico
High | GHSA-67cx-rhhq-mfhq was published for indico (pip) | Oct 11, 2019

Ansible fails to cache SSH host keys
High | CVE-2013-2233 was published for ansible (pip) | Oct 10, 2018

Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers
High | CVE-2018-1000164 was published for gunicorn (pip) | Jul 12, 2018

Mitmweb in mitmproxy allows DNS Rebinding attacks
High | CVE-2018-14505 was published for mitmproxy (pip) | Jul 31, 2018

High severity vulnerability that affects privacyIDEA
High | CVE-2018-1000809 was published for privacyIDEA (pip) | Jan 14, 2019

Pycrypto generates weak key parameters
High | CVE-2018-6594 was published for pycrypto (pip) | Jul 12, 2018

High severity vulnerability that affects cfscrape
High | CVE-2017-7235 was published for cfscrape (pip) | Jul 13, 2018

Incorrect Default Permissions in keyring
High | CVE-2012-5577 was published for keyring (pip) | Mar 11, 2020

Uncontrolled Resource Consumption in Indy Node
High | CVE-2020-11090 was published for indy-node (pip) | Jun 11, 2020

2FA bypass through deleting devices in wagtail-2fa
High | CVE-2020-5240 was published for wagtail-2fa (pip) | Mar 13, 2020

graphite.composer.views.send_email vulnerable to SSRF
High | CVE-2017-18638 was published for graphite-web (pip) | Oct 25, 2019

Feedgen Vulnerable to XML Denial of Service Attacks
High | CVE-2020-5227 was published for feedgen (pip) | Jan 28, 2020

Uncontrolled resource consumption in validators Python package
High | CVE-2019-19588 was published for validators (pip) | Jan 21, 2020

Segmentation fault in TensorFlow when converting a Python string to `tf.float16`
High | CVE-2020-5215 was published for tensorflow (pip) | Jan 28, 2020

Local Privilege Escalation in PyInstaller
High | CVE-2019-16784 was published for PyInstaller (pip) | Jan 16, 2020

Possible remote code execution via a remote procedure call
High | GHSA-9ggp-4jpr-7ppj was published for rpyc (pip) | Nov 20, 2019 | withdrawn

Phoenix-ws source code and data in extensions folder is publicly available
High | GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) | Jun 2, 2022

ProTip! Advisories are also available from the GraphQL API