GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,683
Erlang: 29
GitHub Actions: 16
Go: 1,708
Maven: 4,944
npm: 3,473
NuGet: 603
pip: 2,995
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
2,995 advisories
Moderate severity vulnerability that affects roundup
Moderate • CVE-2019-10904 was published for roundup (pip) • Apr 9, 2019

CoAPthon3 vulnerable to Deserialization of Untrusted Data
High • CVE-2018-12679 was published for CoAPthon3 (pip) • Apr 8, 2019

Open Redirect vulnerability in jupyterhub and notebook
Moderate • CVE-2019-10255 was published for jupyterhub (pip) • Apr 2, 2019

Moderate severity vulnerability that affects splunk-sdk
High • CVE-2019-5729 was published for splunk-sdk (pip) • Mar 25, 2019

Improper Input Validation python-gnupg
High • CVE-2019-6690 was published for python-gnupg (pip) • Mar 25, 2019

ipycache is vulnerable to Code Injection
Critical • CVE-2019-7539 was published for ipycache (pip) • Mar 25, 2019

Webargs mishandles concurrent JSON parsing
High • CVE-2019-9710 was published for webargs (pip) • Mar 12, 2019

Apache Airflow vulnerable to Stored XSS
Moderate • CVE-2018-20244 was published for apache-airflow (pip) • Mar 6, 2019

Uncontrolled Memory Consumption in Django
High • CVE-2019-6975 was published for django (pip) • Feb 12, 2019

Moderate severity vulnerability that affects aioxmpp
Moderate • GHSA-32f7-cmr3-vpjv was published for aioxmpp (pip) • Feb 7, 2019 • withdrawn

Pylons Colander Denial of Service vulnerability
High • CVE-2017-18361 was published for colander (pip) • Feb 7, 2019

Pyspark User Impersonation Vulnerability
Moderate • CVE-2018-11760 was published for pyspark (pip) • Feb 7, 2019

Improper Certificate Validation in Apache Airflow
High • CVE-2018-20245 was published for apache-airflow (pip) • Jan 25, 2019

Cross-Site Request Forgery (CSRF) in Apache Airflow
High • CVE-2017-17835 was published for apache-airflow (pip) • Jan 25, 2019

Apache Airflow vulnerable to XSS
Critical • CVE-2017-17836 was published for apache-airflow (pip) • Jan 25, 2019

Improper Input Validation in Apache Airflow resulting in Remote Code Execution
High • CVE-2017-15720 was published for apache-airflow (pip) • Jan 25, 2019

modulemd uses an unsafe function for processing externally provided data
Critical • CVE-2017-1002157 was published for modulemd (pip) • Jan 17, 2019

Improper Input Validation in Django
Moderate • CVE-2019-3498 was published for django (pip) • Jan 14, 2019

High severity vulnerability that affects privacyIDEA
High • CVE-2018-1000809 was published for privacyIDEA (pip) • Jan 14, 2019

Django vulnerable to XSS on 500 pages
Moderate • CVE-2017-12794 was published for django (pip) • Jan 4, 2019

Django Open redirect and possible XSS attack via user-supplied numeric redirect URLs
Moderate • CVE-2017-7233 was published for django (pip) • Jan 4, 2019

Django Denial-of-service possibility in urlize and urlizetrunc template filters
Moderate • CVE-2018-7536 was published for django (pip) • Jan 4, 2019
ProTip! Advisories are also available from the GraphQL API.