GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories

GitHub reviewed advisories, by ecosystem:
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35

Unreviewed advisories:
All unreviewed: 5,000+
3,246 advisories (GitHub reviewed, pip)
CVE-2022-3102 (Moderate): jwcrypto token substitution can lead to authentication bypass. Published for jwcrypto (pip) on Sep 21, 2022.
GHSA-6h2x-4gjf-jc5w (High): autogluon.multimodal vulnerable to unsafe YAML deserialization. Published for autogluon.multimodal (pip) on Sep 21, 2022.
GHSA-pcjh-6r5h-r92r (High): django-sendfile2 before 0.7.0 contains reflected file download vulnerability. Published for django-sendfile2 (pip) on Aug 11, 2022.
GHSA-7r9x-qrpr-3cxw (Moderate): mofh Vulnerable to Improper Restriction of XML External Entity Reference. Published for mofh (pip) on Aug 11, 2022.
GHSA-39hc-v87j-747x (Moderate): Vulnerable OpenSSL included in cryptography wheels. Published for cryptography (pip) on Nov 2, 2022.
GHSA-ggrh-grj3-vfvw (Low): Package discontinued because Bitly lowered the free quota. Published for bitlyshortener (pip) on Nov 28, 2022.
GHSA-c8f7-x2g7-7fxj (High): Phoenix-ws source code and data in extensions folder is publicly available. Published for phoenix-ws (pip) on Jun 2, 2022.
GHSA-57h7-r3q3-w57j (Moderate): Cross-Site Scripting. Published for djangorestframework (pip) on Feb 24, 2021. Withdrawn.
GHSA-94ww-22rx-493x (Moderate): Cross-Site Scripting. Published for flower (pip) on Feb 24, 2021. Withdrawn.
GHSA-9ggp-4jpr-7ppj (High): Possible remote code execution via a remote procedure call. Published for rpyc (pip) on Nov 20, 2019. Withdrawn.
CVE-2019-16784 (High): Local Privilege Escalation in PyInstaller. Published for PyInstaller (pip) on Jan 16, 2020.
CVE-2020-5215 (High): Segmentation fault in TensorFlow when converting a Python string to `tf.float16`. Published for tensorflow (pip) on Jan 28, 2020.
CVE-2019-19588 (High): Uncontrolled resource consumption in validators Python package. Published for validators (pip) on Jan 21, 2020.
CVE-2020-5227 (High): Feedgen Vulnerable to XML Denial of Service Attacks. Published for feedgen (pip) on Jan 28, 2020.
GHSA-2mrj-435v-c2cr (Moderate): possible DoS caused by malformed signature decoding in Pure-Python ECDSA. Published for ecdsa (pip) on Dec 2, 2019. Withdrawn.
CVE-2020-11037 (Moderate): Potential Observable Timing Discrepancy in Wagtail. Published for wagtail (pip) on May 7, 2020.
CVE-2017-18638 (High): graphite.composer.views.send_email vulnerable to SSRF. Published for graphite-web (pip) on Oct 25, 2019.
CVE-2012-5578 (Moderate): Incorrect Default Permissions in keyring. Published for keyring (pip) on Mar 10, 2020.
CVE-2009-5042 (Critical): python-docutils allows insecure usage of temporary files. Published for docutils (pip) on Mar 13, 2020.
GHSA-qh62-ch95-63wh (Moderate): python-gnupg allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. Published for python-gnupg (pip) on Mar 13, 2020. Withdrawn.
ProTip! Advisories are also available from the GraphQL API.
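The following is an added example of consuming this database over the GraphQL API and matching the result against a pinned set of pip packages; it is not GitHub's own client code. The query's field names follow the public schema (securityVulnerabilities, package, vulnerableVersionRange, firstPatchedVersion, advisory.withdrawnAt, advisory.identifiers). Everything else is an assumption made for the demo: the GitHub token, the simplified numeric-only version comparison, and the sample response with invented package names, ranges and identifiers. The demo itself makes no network request; fetch_page is the one function that does. Note the handling of withdrawn advisories: GitHub keeps them listed (several appear above) but they no longer describe a confirmed issue, so a consumer should skip them rather than raise alerts on them.

```python
import json
import urllib.request

GRAPHQL_URL = "https://api.github.com/graphql"

# securityVulnerabilities (not securityAdvisories) is the connection filtered by
# ecosystem that carries a per-package vulnerable range, which is what we match on.
QUERY = """
query($ecosystem: SecurityAdvisoryEcosystem!, $cursor: String) {
  securityVulnerabilities(first: 100, ecosystem: $ecosystem, after: $cursor) {
    pageInfo { hasNextPage endCursor }
    nodes {
      package { name ecosystem }
      vulnerableVersionRange
      firstPatchedVersion { identifier }
      severity
      advisory { ghsaId summary withdrawnAt identifiers { type value } }
    }
  }
}
"""

def fetch_page(token, ecosystem="PIP", cursor=None):
    """One GraphQL round-trip (needs network and a GitHub token); not used by the
    offline demo below. Pass pageInfo.endCursor back in as cursor to paginate."""
    body = json.dumps({"query": QUERY,
                       "variables": {"ecosystem": ecosystem, "cursor": cursor}}).encode()
    req = urllib.request.Request(GRAPHQL_URL, data=body, method="POST", headers={
        "Authorization": f"bearer {token}", "Content-Type": "application/json",
        "User-Agent": "advisory-match-example"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def _vtuple(v):
    """Dotted numeric version -> tuple padded to 4 places so '2.0' == '2.0.0'.
    Assumption for the demo: pre-release tags like '1.0a1' are not handled."""
    parts = [int(p) for p in v.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def version_in_range(version, range_str):
    """True if version satisfies every comma-separated clause of a GitHub
    range string such as '>= 1.0.0, < 1.4.2' or '= 2.0.0'."""
    ops = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
           ">": lambda a, b: a > b, "<": lambda a, b: a < b,
           "=": lambda a, b: a == b}
    v = _vtuple(version)
    for clause in (c.strip() for c in range_str.split(",")):
        op = next((o for o in (">=", "<=", ">", "<", "=") if clause.startswith(o)), None)
        if op is None:
            raise ValueError(f"unrecognised range clause: {clause!r}")
        if not ops[op](v, _vtuple(clause[len(op):])):
            return False
    return True

def affected(nodes, installed):
    """Match vulnerability nodes against {package_name: installed_version}.
    Withdrawn advisories are skipped: they remain in the database but no longer
    describe a confirmed issue."""
    hits = []
    for n in nodes:
        adv = n["advisory"]
        name = n["package"]["name"].lower()
        if adv["withdrawnAt"] is not None or name not in installed:
            continue
        if not version_in_range(installed[name], n["vulnerableVersionRange"]):
            continue
        cves = [i["value"] for i in adv["identifiers"] if i["type"] == "CVE"]
        fixed = n["firstPatchedVersion"]
        hits.append({"package": name, "installed": installed[name],
                     "ghsa": adv["ghsaId"], "cve": cves[0] if cves else None,
                     "severity": n["severity"],
                     "fixed_in": fixed["identifier"] if fixed else None})
    return sorted(hits, key=lambda h: (h["package"], h["ghsa"]))

# Constructed sample response in the shape the query returns. Package names,
# ranges and identifiers are invented for the demo, not taken from real advisories.
def _node(name, rng, fixed, sev, ghsa, withdrawn=None, cve=None):
    ids = [{"type": "GHSA", "value": ghsa}] + ([{"type": "CVE", "value": cve}] if cve else [])
    return {"package": {"name": name, "ecosystem": "PIP"}, "vulnerableVersionRange": rng,
            "firstPatchedVersion": {"identifier": fixed} if fixed else None, "severity": sev,
            "advisory": {"ghsaId": ghsa, "summary": "sample", "withdrawnAt": withdrawn,
                         "identifiers": ids}}

SAMPLE_RESPONSE = {"data": {"securityVulnerabilities": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [
        _node("examplepkg", "< 0.7.0", "0.7.0", "HIGH", "GHSA-0000-0000-0001"),
        _node("examplepkg", ">= 0.5.0, < 0.6.2", "0.6.2", "MODERATE", "GHSA-0000-0000-0002",
              withdrawn="2021-03-01T00:00:00Z"),   # installed version is in range, but withdrawn
        _node("otherpkg", ">= 1.0.0, < 1.4.2", "1.4.2", "CRITICAL", "GHSA-0000-0000-0003",
              cve="CVE-0000-00000"),                 # installed version is already patched
    ]}}}

def demo():
    """Constructed inventory: one package on a vulnerable release, one patched."""
    installed = {"examplepkg": "0.6.1", "otherpkg": "2.0.0"}
    return affected(SAMPLE_RESPONSE["data"]["securityVulnerabilities"]["nodes"], installed)
```

Running demo() yields a single hit for examplepkg 0.6.1 against GHSA-0000-0000-0001 with fixed_in 0.7.0; the withdrawn advisory is dropped even though 0.6.1 falls inside its range, and otherpkg 2.0.0 is outside the critical advisory's range. For a real inventory, replace the sample response with pages from fetch_page and swap _vtuple for a PEP 440-aware comparison, since published pip ranges can include pre-release identifiers.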