GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
280 advisories
Filter by severity
Django allows user sessions hijacking via an empty string in the session key
Moderate
CVE-2015-3982
was published
for
Django
(pip)
May 17, 2022
Django denial of service via empty session record creation
Moderate
CVE-2015-5963
was published
for
Django
(pip)
May 17, 2022
Improper query string handling in Django
Moderate
CVE-2010-4534
was published
for
Django
(pip)
Jul 23, 2018
Django cross-site request forgery (CSRF) vulnerability
High
CVE-2008-3909
was published
for
django
(pip)
May 2, 2022
Django Cross-site scripting (XSS) vulnerability
Moderate
CVE-2008-2302
was published
for
django
(pip)
May 1, 2022
Django vulnerable to Denial of Service via i18n middleware component
Moderate
CVE-2007-5712
was published
for
Django
(pip)
May 1, 2022
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
High
CVE-2019-12331
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 20, 2019
XXE in PHPSpreadsheet due to encoding issue
High
CVE-2018-19277
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 20, 2019
RDF4J vulnerable to zip slip
High
CVE-2018-20227
was published
for
org.eclipse.rdf4j:rdf4j
(Maven)
May 14, 2022
Regular expression denial-of-service in Django
Moderate
CVE-2024-27351
was published
for
django
(pip)
Mar 15, 2024
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Low
CVE-2024-5967
was published
for
org.keycloak:keycloak-ldap-federation
(Maven)
Jun 21, 2024
XML External Entity (XXE) in Django
Moderate
CVE-2013-1665
was published
for
Django
(pip)
May 17, 2022
XML Entity Expansion (XEE) in Django
Moderate
CVE-2013-1664
was published
for
Django
(pip)
May 17, 2022
Django contains Uncontrolled Resource Consumption via cached header
High
CVE-2023-23969
was published
for
django
(pip)
Feb 1, 2023
Denial-of-service possibility in logout() view by filling session store
Moderate
CVE-2015-5964
was published
for
Django
(pip)
May 17, 2022
Django Denial-of-service by filling session store
High
CVE-2015-5143
was published
for
django
(pip)
Jul 5, 2019
ProTip!
Advisories are also available from the
GraphQL API