
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,001 advisories

autogluon.multimodal vulnerable to unsafe YAML deserialization High
GHSA-6h2x-4gjf-jc5w was published for autogluon.multimodal (pip) Sep 21, 2022
sxjscience
django-sendfile2 before 0.7.0 contains reflected file download vulnerability High
GHSA-pcjh-6r5h-r92r was published for django-sendfile2 (pip) Aug 11, 2022
moggers87 sergei-maertens
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
Possible remote code execution via a remote procedure call High
GHSA-9ggp-4jpr-7ppj was published for rpyc (pip) Nov 20, 2019 withdrawn
Local Privilege Escalation in PyInstaller High
CVE-2019-16784 was published for PyInstaller (pip) Jan 16, 2020
faridtsl lnv42
htgoebel
Segmentation fault in TensorFlow when converting a Python string to `tf.float16` High
CVE-2020-5215 was published for tensorflow (pip) Jan 28, 2020
Feedgen Vulnerable to XML Denial of Service Attacks High
CVE-2020-5227 was published for feedgen (pip) Jan 28, 2020
Uncontrolled resource consumption in validators Python package High
CVE-2019-19588 was published for validators (pip) Jan 21, 2020
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
JLLeitschuh alex
orangetw
Double Free in psutil High
CVE-2019-18874 was published for psutil (pip) Mar 12, 2020
2FA bypass through deleting devices in wagtail-2fa High
CVE-2020-5240 was published for wagtail-2fa (pip) Mar 13, 2020
Uncontrolled Resource Consumption in Indy Node High
CVE-2020-11090 was published for indy-node (pip) Jun 11, 2020
Incorrect Default Permissions in keyring High
CVE-2012-5577 was published for keyring (pip) Mar 11, 2020
High severity vulnerability that affects cfscrape High
CVE-2017-7235 was published for cfscrape (pip) Jul 13, 2018
High severity vulnerability that affects privacyIDEA High
CVE-2018-1000809 was published for privacyIDEA (pip) Jan 14, 2019
Pycrypto generates weak key parameters High
CVE-2018-6594 was published for pycrypto (pip) Jul 12, 2018
Mitmweb in mitmproxy allows DNS Rebinding attacks High
CVE-2018-14505 was published for mitmproxy (pip) Jul 31, 2018
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers High
CVE-2018-1000164 was published for gunicorn (pip) Jul 12, 2018
Ansible fails to cache SSH host keys High
CVE-2013-2233 was published for ansible (pip) Oct 10, 2018
Jupyter Notebook file bypasses sanitization, executes JavaScript High
CVE-2018-8768 was published for notebook (pip) Jul 12, 2018
High severity vulnerability that affects indico High
GHSA-67cx-rhhq-mfhq was published for indico (pip) Oct 11, 2019
High severity vulnerability that affects mercurial High
CVE-2017-9462 was published for mercurial (pip) Jul 13, 2018
High severity vulnerability that affects python-gnupg High
CVE-2013-7323 was published for python-gnupg (pip) Nov 6, 2018
Ansible apt_key module does not properly verify key fingerprint High
CVE-2016-8614 was published for ansible (pip) Oct 10, 2018
Moderate severity vulnerability that affects splunk-sdk High
CVE-2019-5729 was published for splunk-sdk (pip) Mar 25, 2019