GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,656
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
396 advisories
Filter by severity
Potential buffer overflow in psd-tools
Critical
CVE-2020-10571
was published
for
psd-tools
(pip)
Mar 16, 2020
python-docutils allows insecure usage of temporary files
Critical
CVE-2009-5042
was published
for
docutils
(pip)
Mar 13, 2020
Insufficient Verification of Data Authenticity in python-keystoneclient
Critical
CVE-2013-2167
was published
for
python-keystoneclient
(pip)
Mar 10, 2020
Improper Authentication in requests-kerberos
Critical
CVE-2014-8650
was published
for
requests-kerberos
(pip)
Mar 10, 2020
Django Potential account hijack via password reset form
Critical
CVE-2019-19844
was published
for
Django
(pip)
Jan 16, 2020
HTTP Request Smuggling: Content-Length Sent Twice in Waitress
Critical
GHSA-4ppp-gpcr-7qf6
was published
for
waitress
(pip)
Dec 20, 2019
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts
Critical
CVE-2019-17206
was published
for
rediswrapper
(pip)
Nov 20, 2019
Eval injection in Supybot/Limnoria
Critical
CVE-2019-19010
was published
for
limnoria
(pip)
Nov 20, 2019
Undirectional routing wasn't respected in some cases in Mitogen
Critical
CVE-2019-15149
was published
for
mitogen
(pip)
Aug 19, 2019
•
withdrawn
aubio Buffer Overflow vulnerability
Critical
CVE-2018-19800
was published
for
aubio
(pip)
Jul 26, 2019
Improper Restriction of XML External Entity Reference in ladon
Critical
CVE-2019-1010268
was published
for
ladon
(pip)
Jul 26, 2019
Injection vulnerability that affects ironic-discoverd
Critical
CVE-2015-5306
was published
for
ironic-inspector
(pip)
Jul 5, 2019
Improper Verification of Cryptographic Signature in django-rest-registration
Critical
CVE-2019-13177
was published
for
django-rest-registration
(pip)
Jul 2, 2019
Improper Authentication in Buildbot
Critical
CVE-2019-12300
was published
for
buildbot
(pip)
May 29, 2019
Integer Overflow or Wraparound in Google TensorFlow
Critical
CVE-2018-7575
was published
for
tensorflow
(pip)
Apr 30, 2019
SQLAlchemy vulnerable to SQL Injection via order_by parameter
Critical
CVE-2019-7164
was published
for
SQLAlchemy
(pip)
Apr 16, 2019
ipycache is vulnerable to Code Injection
Critical
CVE-2019-7539
was published
for
ipycache
(pip)
Mar 25, 2019
Apache Airflow vulnerable to XSS
Critical
CVE-2017-17836
was published
for
apache-airflow
(pip)
Jan 25, 2019
modulemd uses an unsafe function for processing externally provided data
Critical
CVE-2017-1002157
was published
for
modulemd
(pip)
Jan 17, 2019
Bleach URI Scheme Restriction Bypass
Critical
CVE-2018-7753
was published
for
bleach
(pip)
Jan 4, 2019
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution
Critical
CVE-2017-18342
was published
for
pyyaml
(pip)
Jan 4, 2019
ProTip!
Advisories are also available from the
GraphQL API