GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,467 advisories
Filter by severity
Users able to query database metadata in Apache Superset
Moderate
CVE-2019-12413
was published
for
apache-superset
(pip)
Feb 26, 2020
Users can view database names in Apache Superset
Moderate
CVE-2019-12414
was published
for
apache-superset
(pip)
Feb 26, 2020
Information disclosure in Apache Superset
Moderate
CVE-2020-1932
was published
for
apache-superset
(pip)
Feb 26, 2020
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible
Moderate
CVE-2019-14864
was published
for
ansible
(pip)
Feb 26, 2020
XSS in Bleach when noscript and raw tag whitelisted
Moderate
CVE-2020-6802
was published
for
bleach
(pip)
Feb 24, 2020
Catastrophic backtracking in regex allows Denial of Service in Waitress
Moderate
CVE-2020-5236
was published
for
waitress
(pip)
Feb 4, 2020
Feedgen Vulnerable to XML Denial of Service Attacks
Moderate
CVE-2020-5227
was published
for
feedgen
(pip)
Jan 28, 2020
Session key exposure through session list in Django User Sessions
Moderate
CVE-2020-5224
was published
for
django-user-sessions
(pip)
Jan 24, 2020
Django allows unintended model editing
Moderate
CVE-2019-19118
was published
for
Django
(pip)
Dec 4, 2019
Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA
Moderate
GHSA-2mrj-435v-c2cr
was published
for
ecdsa
(pip)
Dec 2, 2019
•
withdrawn
Apache Airflow vulnerable to XSS and local file disclosure
Moderate
CVE-2019-12417
was published
for
airflow
(pip)
Nov 22, 2019
Cross-site scripting in Jupyter Notebook
Moderate
CVE-2018-21030
was published
for
notebook
(pip)
Nov 8, 2019
Cross-site Scripting in django-js-reverse
Moderate
CVE-2019-15486
was published
for
django-js-reverse
(pip)
Aug 27, 2019
Cross-site scripting in recommender-xblock
Moderate
CVE-2018-20858
was published
for
recommender-xblock
(pip)
Aug 21, 2019
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate
CVE-2019-10156
was published
for
ansible
(pip)
Jul 31, 2019
Cross-site Scripting in invenio-communities
Moderate
CVE-2019-1020005
was published
for
invenio-communities
(pip)
Jul 16, 2019
Cross-site Scripting in invenio-previewer
Moderate
CVE-2019-1020019
was published
for
invenio-previewer
(pip)
Jul 16, 2019
Cross-site scripting invenio-records
Moderate
CVE-2019-1020003
was published
for
invenio-records
(pip)
Jul 16, 2019
Invenio-App vulnerable to host header injection attack
Moderate
CVE-2019-1020006
was published
for
invenio-app
(pip)
Jul 16, 2019
Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Moderate
CVE-2019-12781
was published
for
Django
(pip)
Jul 3, 2019
Django Cross-site Scripting in AdminURLFieldWidget
Moderate
CVE-2019-12308
was published
for
Django
(pip)
Jun 10, 2019
NULL Pointer Dereference in Google TensorFlow
Moderate
CVE-2019-9635
was published
for
tensorflow
(pip)
Apr 30, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Null pointer dereference in TensorFlow leads to exploitation
Moderate
CVE-2018-7576
was published
for
tensorflow
(pip)
Apr 24, 2019
ProTip!
Advisories are also available from the
GraphQL API