GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,444 advisories
Filter by severity
XSS in Bleach when noscript and raw tag whitelisted
Moderate
CVE-2020-6802
was published
for
bleach
(pip)
Feb 24, 2020
Catastrophic backtracking in regex allows Denial of Service in Waitress
Moderate
CVE-2020-5236
was published
for
waitress
(pip)
Feb 4, 2020
Django allows unintended model editing
Moderate
CVE-2019-19118
was published
for
django
(pip)
Dec 4, 2019
possible DoS caused by malformed signature decoding in Pure-Python ECDSA
Moderate
GHSA-2mrj-435v-c2cr
was published
for
ecdsa
(pip)
Dec 2, 2019
•
withdrawn
Apache Airflow vulnerable to XSS and local file disclosure
Moderate
CVE-2019-12417
was published
for
apache-airflow
(pip)
Nov 22, 2019
Cross-site scripting in Jupyter Notebook
Moderate
CVE-2018-21030
was published
for
notebook
(pip)
Nov 8, 2019
Cross-site Scripting in django-js-reverse
Moderate
CVE-2019-15486
was published
for
django-js-reverse
(pip)
Aug 27, 2019
Cross-site scripting in recommender-xblock
Moderate
CVE-2018-20858
was published
for
recommender-xblock
(pip)
Aug 21, 2019
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate
CVE-2019-10156
was published
for
ansible
(pip)
Jul 31, 2019
Cross-site Scripting in invenio-communities
Moderate
CVE-2019-1020005
was published
for
invenio-communities
(pip)
Jul 16, 2019
Cross-site Scripting in invenio-previewer
Moderate
CVE-2019-1020019
was published
for
invenio-previewer
(pip)
Jul 16, 2019
Cross-site scripting invenio-records
Moderate
CVE-2019-1020003
was published
for
invenio-records
(pip)
Jul 16, 2019
Moderate severity vulnerability that affects invenio-app
Moderate
CVE-2019-1020006
was published
for
invenio-app
(pip)
Jul 16, 2019
Injection vulnerability that affects ironic-discoverd
Moderate
CVE-2015-5306
was published
for
python-ironic-inspector-client
(pip)
Jul 5, 2019
Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Moderate
CVE-2019-12781
was published
for
django
(pip)
Jul 3, 2019
Django Cross-site Scripting in AdminURLFieldWidget
Moderate
CVE-2019-12308
was published
for
django
(pip)
Jun 10, 2019
NULL Pointer Dereference in Google TensorFlow
Moderate
CVE-2019-9635
was published
for
tensorflow
(pip)
Apr 30, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Null pointer dereference in TensorFlow leads to exploitation
Moderate
CVE-2018-7576
was published
for
tensorflow
(pip)
Apr 24, 2019
Ansible Path Traversal vulnerability
Moderate
CVE-2019-3828
was published
for
ansible
(pip)
Apr 15, 2019
Apache Airflow vulnerable to Stored XSS
Moderate
CVE-2019-0216
was published
for
apache-airflow
(pip)
Apr 12, 2019
Jupyter Notebook open redirect vulnerability
Moderate
CVE-2019-10856
was published
for
notebook
(pip)
Apr 9, 2019
Moderate severity vulnerability that affects roundup
Moderate
CVE-2019-10904
was published
for
roundup
(pip)
Apr 9, 2019
ProTip!
Advisories are also available from the
GraphQL API