Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

59 advisories

Loading
Django contains Uncontrolled Resource Consumption via cached header High
CVE-2023-23969 was published for django (pip) Feb 1, 2023
MarkLee131
Infinite Loop in Django High
CVE-2022-23833 was published for Django (pip) Feb 4, 2022
tdunlap607 MarkLee131
Django Reuses Cached CSRF Token High
CVE-2014-0473 was published for Django (pip) May 17, 2022
MarkLee131
Django database denial-of-service with ModelMultipleChoiceField High
CVE-2015-0222 was published for Django (pip) May 17, 2022
MarkLee131
Django vulnerable to information leakage in AuthenticationForm High
CVE-2018-6188 was published for Django (pip) Oct 3, 2018
MarkLee131
Django CSRF Protection Bypass High
CVE-2016-7401 was published for django (pip) May 14, 2022
MarkLee131
Django DNS Rebinding Vulnerability High
CVE-2016-9014 was published for Django (pip) May 17, 2022
MarkLee131
Django Denial-of-service possibility with strip_tags High
CVE-2015-2316 was published for Django (pip) May 14, 2022
MarkLee131
Django Denial-of-service by filling session store High
CVE-2015-5143 was published for Django (pip) Jul 5, 2019
MarkLee131
Denial of service in django High
CVE-2011-4137 was published for Django (pip) Jul 23, 2018
MarkLee131
Django cross-site request forgery (CSRF) vulnerability High
CVE-2008-3909 was published for django (pip) May 2, 2022
MarkLee131
Cross-site request forgery in Django High
CVE-2011-0696 was published for Django (pip) Jul 23, 2018
MarkLee131
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue High
CVE-2019-12331 was published for phpoffice/phpspreadsheet (Composer) Nov 20, 2019
MarkLee131
XXE in PHPSpreadsheet due to encoding issue High
CVE-2018-19277 was published for phpoffice/phpspreadsheet (Composer) Nov 20, 2019
MarkLee131
RDF4J vulnerable to zip slip High
CVE-2018-20227 was published for org.eclipse.rdf4j:rdf4j (Maven) May 14, 2022
MarkLee131
Django Arbitrary Code Execution High
CVE-2007-0404 was published for Django (pip) May 1, 2022
MarkLee131
High severity vulnerability that affects io.vertx:vertx-web High
CVE-2018-12540 was published for io.vertx:vertx-web (Maven) Oct 17, 2018
MarkLee131
Apache Geode vulnerable to Incorrect Authorization High
CVE-2017-15695 was published for org.apache.geode:geode-core (Maven) May 13, 2022
MarkLee131
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML High
CVE-2013-4221 was published for org.restlet.jse:org.restlet (Maven) May 17, 2022
MarkLee131
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass High
CVE-2018-1258 was published for org.springframework:spring-core (Maven) Oct 17, 2018
MarkLee131 sunSUNQ
Spring Security vulnerable to Authorization Bypass High
CVE-2018-15801 was published for org.springframework.security:spring-security-core (Maven) Dec 20, 2018
MarkLee131 sunSUNQ
Apache Geronimo Application Server multiple directory traversal vulnerabilities High
CVE-2008-5518 was published for org.apache.geronimo.plugins:console (Maven) May 14, 2022
MarkLee131
Commons FileUpload Denial of service vulnerability High
CVE-2014-0050 was published for commons-fileupload:commons-fileupload (Maven) Dec 21, 2018
MarkLee131
Improper certificate validation in org.apache.httpcomponents:httpclient High
CVE-2012-6153 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
MarkLee131
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1 High
CVE-2013-1777 was published for org.apache.geronimo.framework:geronimo-jmx-remoting (Maven) May 17, 2022
westonsteimel MarkLee131
ProTip! Advisories are also available from the GraphQL API