Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

288 advisories

Loading
Django User Enumeration Vulnerability Low
CVE-2016-2513 was published for django (pip) May 17, 2022
MarkLee131
Potential sensitive information disclosed in error reports Low
CVE-2021-21416 was published for django-registration (pip) Apr 6, 2021
martinmo tdunlap607
Timing attack on django-basic-auth-ip-whitelist Low
CVE-2020-4071 was published for django-basic-auth-ip-whitelist (pip) Jun 23, 2020
thibaudcolas
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code Low
CVE-2024-22194 was published for case-utils (pip) Jan 11, 2024
ajnelson-nist kchason
changedetection.io API endpoint is not secured with API token Low
CVE-2024-23329 was published for changedetection.io (pip) Jan 23, 2024
rozpuszczalny
Cloudtoken Insufficiently Protects Credentials Low
CVE-2018-13390 was published for cloudtoken (pip) May 13, 2022
Cabot Cross Site Scripting (XSS) vulnerability via Endpoint column Low
CVE-2020-7734 was published for cabot (pip) May 24, 2022
ceph-deploy allows local users to obtain sensitive information by reading the file Low
CVE-2015-3010 was published for ceph-deploy (pip) May 17, 2022
Apache Airflow logs passwords in plaintext Low
CVE-2020-17511 was published for apache-airflow (pip) Dec 17, 2020
Incorrect Permission Assignment for Critical Resource in Ansible Low
CVE-2020-1736 was published for ansible (pip) Feb 9, 2022
Argument Injection in Ansible Low
CVE-2020-1738 was published for ansible (pip) Feb 9, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Ansible Low
CVE-2020-1739 was published for ansible (pip) Apr 7, 2021
ceph-deploy uses world-readable permissions on client.admin key Low
CVE-2015-4053 was published for ceph-deploy (pip) May 17, 2022
Libcloud does not properly scrub data when destroying a DigitalOcean node Low
CVE-2013-6480 was published for apache-libcloud (pip) May 14, 2022
Flask-AppBuilder's login form allows browser to cache sensitive fields Low
CVE-2024-45314 was published for flask-appbuilder (pip) Sep 4, 2024
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks Low
CVE-2023-47641 was published for aiohttp (pip) Nov 14, 2023
chinchila
Ansible uses a socket with predictable filename in /tmp Low
CVE-2013-4259 was published for Ansible (pip) May 14, 2022
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication Low
CVE-2024-45052 was published for ethyca-fides (pip) Sep 4, 2024
RobertKeyser pattisdr
daveqnet
`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware) Low
CVE-2021-21330 was published for aiohttp (pip) Feb 26, 2021
jelmer g147
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability Low
CVE-2023-23611 was published for lti-consumer-xblock (pip) Aug 30, 2024
freewvs vulnerable to denial of service through large files Low
CVE-2020-15100 was published for freewvs (pip) Aug 30, 2024
freewvs's nested directory structure can interrupt scan Low
CVE-2020-15101 was published for freewvs (pip) Aug 30, 2024
Division by zero in TFLite's implementation of hashtable lookup Low
CVE-2021-29604 was published for tensorflow (pip) May 21, 2021
Heap OOB write in TFLite Low
CVE-2021-29603 was published for tensorflow (pip) May 21, 2021
Division by zero in TFLite's implementation of `DepthwiseConv` Low
CVE-2021-29602 was published for tensorflow (pip) May 21, 2021
ProTip! Advisories are also available from the GraphQL API