Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,232
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,344
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,344 advisories

Loading
autogluon.multimodal vulnerable to unsafe YAML deserialization High
GHSA-6h2x-4gjf-jc5w was published for autogluon.multimodal (pip) Sep 21, 2022
sxjscience
jwcrypto token substitution can lead to authentication bypass Moderate
CVE-2022-3102 was published for jwcrypto (pip) Sep 21, 2022
django-sendfile2 before 0.7.0 contains reflected file download vulnerability High
GHSA-pcjh-6r5h-r92r was published for django-sendfile2 (pip) Aug 11, 2022
moggers87 sergei-maertens
mofh Vulnerable to Improper Restriction of XML External Entity Reference Moderate
GHSA-7r9x-qrpr-3cxw was published for mofh (pip) Aug 11, 2022
Vulnerable OpenSSL included in cryptography wheels Moderate
GHSA-39hc-v87j-747x was published for cryptography (pip) Nov 2, 2022
Package discontinued because Bitly lowered the free quota Low
GHSA-ggrh-grj3-vfvw was published for bitlyshortener (pip) Nov 28, 2022
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
Cross-Site Scripting Moderate
GHSA-57h7-r3q3-w57j was published for djangorestframework (pip) Feb 24, 2021 withdrawn
Timing attack Low
GHSA-xm8r-5wh6-f46f was published for autobahn (pip) Feb 24, 2021 withdrawn
Cross-Site Scripting Moderate
GHSA-94ww-22rx-493x was published for flower (pip) Feb 24, 2021 withdrawn
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used Low
GHSA-mr6r-mvw4-736g was published for vyper (pip) Mar 25, 2020
montyly
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode Low
GHSA-xf83-q765-xm6m was published for tensorflow (pip) Nov 21, 2022
`CHECK` failure in `SobolSample` via missing validation Low
GHSA-cqvq-fvhr-v6hc was published for tensorflow (pip) Nov 21, 2022
High severity vulnerability that affects indico High
GHSA-67cx-rhhq-mfhq was published for indico (pip) Oct 11, 2019
High severity vulnerability that affects Plone and Zope2 High
CVE-2011-2528 was published for Plone (pip) Jul 23, 2018
Moderate severity vulnerability that affects mailman Moderate
CVE-2018-13796 was published for mailman (pip) Sep 11, 2018
Moderate severity vulnerability that affects Products.PlonePAS Moderate
CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018
CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
Moderate severity vulnerability that affects Zope2 Moderate
CVE-2010-1104 was published for Zope2 (pip) Jul 23, 2018
Moderate severity vulnerability that affects aioxmpp Moderate
GHSA-32f7-cmr3-vpjv was published for aioxmpp (pip) Feb 7, 2019 withdrawn
Directory traversal outside of SENDFILE_ROOT in django-sendfile2 Moderate
GHSA-6r3c-8xf3-ggrr was published for django-sendfile2 (pip) Jun 24, 2020
gipi moggers87
Memory leak in Nanopb Moderate
CVE-2020-26243 was published for nanopb (pip) Nov 25, 2020
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend Low
GHSA-47qg-q58v-7vrp was published for amundsen-frontend (pip) Dec 2, 2020
dorianj
Key Caching behavior in the DynamoDB Encryption Client. Low
GHSA-4ph2-8337-hm62 was published for dynamodb-encryption-sdk (pip) Feb 8, 2021
Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs High
GHSA-r82c-j4mq-5xfw was published for bitlyshortener (pip) Oct 27, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database