Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

24 advisories

Loading
pysaml2 Improper Authentication vulnerability High
CVE-2017-1000433 was published for pysaml2 (pip) Jul 13, 2018
tdunlap607
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data High
CVE-2018-1000656 was published for flask (pip) Aug 23, 2018
tdunlap607
PyOpenSSL Use-After-Free vulnerability High
CVE-2018-1000807 was published for pyopenssl (pip) Oct 10, 2018
tdunlap607
Pylons Colander Denial of Service vulnerability High
CVE-2017-18361 was published for colander (pip) Feb 7, 2019
tdunlap607
Uncontrolled Memory Consumption in Django High
CVE-2019-6975 was published for Django (pip) Feb 12, 2019
tdunlap607
Improper Certificate Validation in urllib3 High
CVE-2019-11324 was published for urllib3 (pip) Apr 19, 2019
tdunlap607
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow High
CVE-2018-8825 was published for tensorflow (pip) Apr 24, 2019
tdunlap607
Aubio is vulnerable to a NULL pointer dereference in new_aubio_notes function High
CVE-2018-19802 was published for aubio (pip) Jul 26, 2019
tdunlap607
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
tdunlap607
Out of bounds read in Pillow High
CVE-2021-25291 was published for Pillow (pip) Mar 29, 2021
tdunlap607 sunSUNQ
Path Traversal in Django High
CVE-2021-31542 was published for Django (pip) Jun 4, 2021
tdunlap607
Potential infinite loop in Pillow High
CVE-2021-28676 was published for Pillow (pip) Jun 8, 2021
tdunlap607
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks High
CVE-2021-33571 was published for Django (pip) Jun 10, 2021
tdunlap607
XML External Entity Injection in PyWPS High
CVE-2021-39371 was published for pywps (pip) Sep 2, 2021
tdunlap607
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui High
GHSA-v988-828w-xvf2 was published for rucio-webui (pip) Oct 22, 2021
tdunlap607
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607
Information disclosure in Django High
CVE-2021-45116 was published for Django (pip) Jan 12, 2022
tdunlap607
Infinite Loop in Django High
CVE-2022-23833 was published for Django (pip) Feb 4, 2022
tdunlap607 MarkLee131
Incorrect Default Permissions in Cobbler High
CVE-2021-45083 was published for cobbler (pip) Feb 21, 2022
tdunlap607
Improper Restriction of XML External Entity Reference in python-docx High
CVE-2016-5851 was published for python-docx (pip) May 13, 2022
tdunlap607
Plone Code Injection vulnerability High
CVE-2012-5488 was published for Plone (pip) May 17, 2022
tdunlap607
Uncontrolled Resource Consumption in asyncua and opcua High
CVE-2022-25304 was published for asyncua (pip) Aug 24, 2022
GoetzGoerisch tdunlap607
Arches vulnerable to execution of arbitrary SQL High
CVE-2022-41892 was published for arches (pip) Nov 11, 2022
sylwia-budzynska tdunlap607
GitPython vulnerable to Remote Code Execution due to improper user input validation High
CVE-2022-24439 was published for GitPython (pip) Dec 6, 2022
ad-m-ss tdunlap607
ProTip! Advisories are also available from the GraphQL API