GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,444 advisories
Authorization Bypass in I hate money
Moderate
CVE-2020-15120
was published
for
ihatemoney
(pip)
Jul 27, 2020
Cross-Site Scripting in Wagtail
Moderate
CVE-2020-15118
was published
for
wagtail
(pip)
Jul 20, 2020
Directory traversal outside of SENDFILE_ROOT in django-sendfile2
Moderate
GHSA-6r3c-8xf3-ggrr
was published
for
django-sendfile2
(pip)
Jun 24, 2020
Data leakage via cache key collision in Django
Moderate
CVE-2020-13254
was published
for
django
(pip)
Jun 5, 2020
Potential Observable Timing Discrepancy in Wagtail
Moderate
CVE-2020-11037
was published
for
wagtail
(pip)
May 7, 2020
Malicious package may avoid detection in python auditing
Moderate
CVE-2020-5252
was published
for
safety
(pip)
Mar 24, 2020
GitHub personal access token leaking into temporary EasyBuild (debug) logs
Moderate
CVE-2020-5262
was published
for
easybuild-framework
(pip)
Mar 19, 2020
ProTip!
Advisories are also available from the
GraphQL API