Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,090 advisories

Loading
Jupyter Notebook XSS via untrusted notebooks Moderate
CVE-2018-19351 was published for notebook (pip) Nov 21, 2018
Jupyter Notebook XSS via directory name Moderate
CVE-2018-19352 was published for notebook (pip) Nov 21, 2018
Py-EVM is vulnerable to arbitrary bytecode injection High
CVE-2018-18920 was published for py-evm (pip) Nov 21, 2018
Session Fixation in Tryton Moderate
CVE-2018-19443 was published for tryton (pip) Nov 29, 2018
Exposure of Sensitive Information to an Unauthorized Actor in urllib3 Critical
CVE-2018-20060 was published for urllib3 (pip) Dec 12, 2018
Buffer Overflow in pycrypto Critical
CVE-2013-7459 was published for pycrypto (pip) Dec 14, 2018
Cross site scripting in flask-admin Moderate
CVE-2018-16516 was published for flask-admin (pip) Dec 19, 2018
born2discover
Code injection in ymlref Critical
CVE-2018-20133 was published for ymlref (pip) Dec 19, 2018
Cross-Site Request Forgery (CSRF) in Luigi High
CVE-2018-1000843 was published for luigi (pip) Dec 20, 2018
aiohttp-session creates non-expiring sessions Moderate
CVE-2018-1000814 was published for aiohttp-session (pip) Dec 20, 2018
PyKMIP Denial of service vulnerability Moderate
CVE-2018-1000872 was published for pykmip (pip) Dec 21, 2018
tdunlap607
Code injection in Danijar Definitions Critical
CVE-2018-20325 was published for definitions (pip) Dec 26, 2018
sqla-yaml-fixtures is vulnerable to Code Injection High
CVE-2019-3575 was published for sqla-yaml-fixtures (pip) Jan 4, 2019
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution Critical
CVE-2017-18342 was published for pyyaml (pip) Jan 4, 2019
Moderate severity vulnerability that affects moin Moderate
CVE-2017-5934 was published for moin (pip) Jan 4, 2019
Bleach URI Scheme Restriction Bypass Critical
CVE-2018-7753 was published for bleach (pip) Jan 4, 2019
Plone Open Redirect Moderate
CVE-2017-1000484 was published for plone (pip) Jan 4, 2019
mistune Cross-site scripting (XSS) vulnerability Moderate
CVE-2017-16876 was published for mistune (pip) Jan 4, 2019
Recurly vulnerable to SSRF Critical
CVE-2017-0906 was published for recurly (pip) Jan 4, 2019
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters Moderate
CVE-2018-7537 was published for django (pip) Jan 4, 2019
sunSUNQ
Django Denial-of-service possibility in urlize and urlizetrunc template filters Moderate
CVE-2018-7536 was published for django (pip) Jan 4, 2019
tdunlap607
Django open redirect Moderate
CVE-2017-7234 was published for django (pip) Jan 4, 2019
MarkLee131
Django Open redirect and possible XSS attack via user-supplied numeric redirect URLs Moderate
CVE-2017-7233 was published for django (pip) Jan 4, 2019
sunSUNQ
Django vulnerable to XSS on 500 pages Moderate
CVE-2017-12794 was published for django (pip) Jan 4, 2019
MarkLee131
High severity vulnerability that affects privacyIDEA High
CVE-2018-1000809 was published for privacyIDEA (pip) Jan 14, 2019
ProTip! Advisories are also available from the GraphQL API