GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 4,077; Erlang 29; GitHub Actions 19; Go 1,903; Maven 5,000+; npm 3,632; NuGet 638; pip 3,249; Pub 10; RubyGems 864; Rust 818; Swift 35.
Unreviewed advisories: All unreviewed 5,000+.
1,093 advisories
Advisory | Severity | CVE | Package (ecosystem) | Published
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack | High | CVE-2023-48052 | httpie (pip) | Nov 16, 2023
GramAddict bot uses dependency with reverse tcp backdoor | High | CVE-2020-36245 | GramAddict (pip) | May 24, 2022
graphite.composer.views.send_email vulnerable to SSRF | High | CVE-2017-18638 | graphite-web (pip) | Oct 25, 2019
HPACK Denial of Service vulnerability (HPACK Bomb) | High | CVE-2016-6581 | hpack (pip) | Jul 5, 2019
Use of insecure temporary file in Horovod | High | CVE-2022-0315 | horovod (pip) | Mar 29, 2022
Home Assistant information disclosure vulnerability | High | CVE-2018-21019 | homeassistant (pip) | May 24, 2022
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers | High | CVE-2018-1000164 | gunicorn (pip) | Jul 12, 2018
Files on the host computer can be accessed from the Gradio interface | High | CVE-2021-43831 | gradio (pip) | Jan 21, 2022
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage | High | CVE-2019-1010083 | flask (pip) | Jul 19, 2019
Untrusted search path under some conditions on Windows allows arbitrary code execution | High | CVE-2024-22190 | GitPython (pip) | Jan 10, 2024
Improper Authentication in FreeTAKServer | High | CVE-2022-25508 | FreeTAKServer (pip) | Mar 12, 2022
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data | High | CVE-2018-1000656 | flask (pip) | Aug 23, 2018
GitPython untrusted search path on Windows systems leading to arbitrary code execution | High | CVE-2023-40590 | gitpython (pip) | Aug 29, 2023
Python Charmers Future denial of service vulnerability | High | CVE-2022-40899 | future (pip) | Dec 23, 2022
An authenticated user can execute arbitrary command in Gerapy | High | CVE-2021-32849 | gerapy (pip) | Jan 6, 2022
flask-oidc Open Redirect vulnerability | High | CVE-2016-1000001 | flask-oidc (pip) | May 17, 2022
GeoNode vulnerable to SSRF Bypass to return internal host data | High | CVE-2023-42439 | GeoNode (pip) | Sep 20, 2023
Flask-Cors Directory Traversal vulnerability | High | CVE-2020-25032 | Flask-Cors (pip) | May 6, 2021
Refuel Autolab Eval Injection vulnerability | High | CVE-2024-27321 | refuel-autolabel (pip) | Sep 12, 2024
GitPython vulnerable to Remote Code Execution due to improper user input validation | High | CVE-2022-24439 | GitPython (pip) | Dec 6, 2022
Regular Expression Denial of Service in flask-restx | High | CVE-2021-32838 | flask-restx (pip) | Sep 8, 2021
FormEncode Access Restrictions Bypass | High | CVE-2008-6547 | FormEncode (pip) | May 17, 2022