Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,995 advisories

Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters Moderate
CVE-2018-7537 was published for django (pip) Jan 4, 2019
sunSUNQ
Recurly vulnerable to SSRF Critical
CVE-2017-0906 was published for recurly (pip) Jan 4, 2019
mistune Cross-site scripting (XSS) vulnerability Moderate
CVE-2017-16876 was published for mistune (pip) Jan 4, 2019
Plone Open Redirect Moderate
CVE-2017-1000484 was published for plone (pip) Jan 4, 2019
Bleach URI Scheme Restriction Bypass Critical
CVE-2018-7753 was published for bleach (pip) Jan 4, 2019
Moderate severity vulnerability that affects moin Moderate
CVE-2017-5934 was published for moin (pip) Jan 4, 2019
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution Critical
CVE-2017-18342 was published for pyyaml (pip) Jan 4, 2019
sqla-yaml-fixtures is vulnerable to Code Injection High
CVE-2019-3575 was published for sqla-yaml-fixtures (pip) Jan 4, 2019
Code injection in Danijar Definitions Critical
CVE-2018-20325 was published for definitions (pip) Dec 26, 2018
PyKMIP Denial of service vulnerability Moderate
CVE-2018-1000872 was published for pykmip (pip) Dec 21, 2018
tdunlap607
aiohttp-session creates non-expiring sessions Moderate
CVE-2018-1000814 was published for aiohttp-session (pip) Dec 20, 2018
Cross-Site Request Forgery (CSRF) in Luigi High
CVE-2018-1000843 was published for luigi (pip) Dec 20, 2018
Code injection in ymlref Critical
CVE-2018-20133 was published for ymlref (pip) Dec 19, 2018
Cross site scripting in flask-admin Moderate
CVE-2018-16516 was published for flask-admin (pip) Dec 19, 2018
born2discover
Buffer Overflow in pycrypto Critical
CVE-2013-7459 was published for pycrypto (pip) Dec 14, 2018
Exposure of Sensitive Information to an Unauthorized Actor in urllib3 Critical
CVE-2018-20060 was published for urllib3 (pip) Dec 12, 2018
Session Fixation in Tryton Moderate
CVE-2018-19443 was published for tryton (pip) Nov 29, 2018
Py-EVM is vulnerable to arbitrary bytecode injection High
CVE-2018-18920 was published for py-evm (pip) Nov 21, 2018
Jupyter Notebook XSS via directory name Moderate
CVE-2018-19352 was published for notebook (pip) Nov 21, 2018
Jupyter Notebook XSS via untrusted notebooks Moderate
CVE-2018-19351 was published for notebook (pip) Nov 21, 2018
Deserialization of Untrusted Data in superset Critical
CVE-2018-8021 was published for superset (pip) Nov 9, 2018
High severity vulnerability that affects python-gnupg High
CVE-2014-1927 was published for python-gnupg (pip) Nov 6, 2018
High severity vulnerability that affects python-gnupg High
CVE-2013-7323 was published for python-gnupg (pip) Nov 6, 2018
Moderate severity vulnerability that affects python-gnupg Moderate
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
python-gnupg vulnerable to shell injection Moderate
CVE-2014-1929 was published for python-gnupg (pip) Nov 6, 2018
ProTip! Advisories are also available from the GraphQL API