GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories, by ecosystem:
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories:
All unreviewed: 5,000+
1,002 advisories
CVE | Severity | Package (ecosystem) | Published | Advisory
CVE-2022-40898 | High | wheel (pip) | Dec 23, 2022 | pypa/wheel vulnerable to Regular Expression denial of service (ReDoS)
CVE-2022-36024 | High | py-cord (pip) | Aug 18, 2022 | Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution
CVE-2022-31124 | High | openssh-key-parser (pip) | Jul 6, 2022 | Possible leak of key's raw field if declared length is incorrect
CVE-2022-31116 | High | ujson (pip) | Jul 5, 2022 | Incorrect handling of invalid surrogate pair characters
CVE-2016-9243 | High | cryptography (pip) | May 17, 2022 | Improper input validation in cryptography
CVE-2017-5992 | High | openpyxl (pip) | May 17, 2022 | Improper Restriction of XML External Entity Reference in Openpyxl
CVE-2018-1000089 | High | django-anymail (pip) | May 14, 2022 | django-anymail Includes Sensitive Information in Log Files
CVE-2019-16328 | High | rpyc (pip) | Feb 17, 2021 | Dynamic modification of RPyC service due to missing security check
CVE-2022-3371 | High | rdiffweb (pip) | Oct 1, 2022 | rdiffweb's lack of token name length limit can result in DoS or memory corruption
CVE-2021-32811 | High | Zope (pip) | Aug 5, 2021 | Remote Code Execution via Script (Python) objects under Python 3
CVE-2019-11842 | High | matrix-sydent (pip) | May 24, 2022 | matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
CVE-2022-46147 | High | xblock-drag-and-drop-v2 (pip) | Dec 2, 2022 | XBlock vulnerable to Cross-Site Scripting (XSS)
CVE-2022-2255 | High | mod-wsgi (pip) | Aug 26, 2022 | Incorrect header handling in mod-wsgi
CVE-2022-3221 | High | rdiffweb (pip) | Sep 16, 2022 | rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
CVE-2022-35937 | High | tensorflow (pip) | Sep 16, 2022 | TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite
CVE-2022-35939 | High | tensorflow (pip) | Sep 16, 2022 | TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite
CVE-2022-41905 | High | wsgidav (pip) | Nov 16, 2022 | Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled
CVE-2022-33684 | High | pulsar-client (pip) | Nov 4, 2022 | Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack
CVE-2022-40899 | High | future (pip) | Dec 23, 2022 | Python Charmers Future denial of service vulnerability
CVE-2022-2996 | High | python-scciclient (pip) | Sep 2, 2022 | python-scciclient vulnerable to Man-in-the-middle (MITM) attacks
CVE-2022-3290 | High | rdiffweb (pip) | Sep 27, 2022 | rdiffweb's unlimited username field length can lead to DoS
CVE-2022-3298 | High | rdiffweb (pip) | Sep 27, 2022 | rdiffweb vulnerable to potential DoS via memory consumption