
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,000 advisories

OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting Moderate
CVE-2014-0157 was published for horizon (pip) May 14, 2022
phpMyAdmin full path disclosure vulnerability Moderate
CVE-2016-5730 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin Cross-site scripting (XSS) vulnerability Moderate
CVE-2016-5731 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin Denial Of Service (DOS) attack High
CVE-2016-5706 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Mercurial arbitrary code execution vulnerability High
CVE-2016-3630 was published for mercurial (pip) May 14, 2022
Mercurial arbitrary code execution via a crafted git ext:: URL High
CVE-2016-3068 was published for mercurial (pip) May 14, 2022
phpMyAdmin XSS Vulnerability Moderate
CVE-2016-2040 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin Unsafe comparison of XSRF/CSRF token High
CVE-2016-2041 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Django Denial-of-service possibility with strip_tags Moderate
CVE-2015-2316 was published for Django (pip) May 14, 2022
Django cross-site scripting (XSS) attack via user-supplied redirect URLs Moderate
CVE-2015-2317 was published for Django (pip) May 14, 2022
Pillow denial of service via PNG bomb Moderate
CVE-2014-9601 was published for pillow (pip) May 14, 2022
phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page Moderate
CVE-2014-8326 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin cross-site scripting vulnerability in crafted view name Low
CVE-2014-5274 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Pillow denial of service via Crafted Block Size Moderate
CVE-2014-3589 was published for pillow (pip) May 14, 2022
IPython Notebook vulnerable to improper validation of the origin of websocket requests Moderate
CVE-2014-3429 was published for ipython (pip) May 14, 2022
Pillow is vulnerable to Denial of Service (DOS) in the Jpeg2KImagePlugin Moderate
CVE-2014-3598 was published for pillow (pip) May 14, 2022
Jython Improper Access Restrictions vulnerability Moderate
CVE-2013-2027 was published for org.python:jython-standalone (Maven) May 14, 2022
simplejson before 2.6.1 vulnerable to array index error Moderate
CVE-2014-4616 was published for simplejson (pip) May 14, 2022
Django denial of service via file upload naming Moderate
CVE-2014-0481 was published for django (pip) May 14, 2022
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook Moderate
CVE-2015-6938 was published for ipython (pip) May 14, 2022
Twig remote code execution in templates High
CVE-2015-7809 was published for twig/twig (Composer) May 14, 2022
Ansible Arbitrary Code Execution High
CVE-2014-3498 was published for ansible (pip) May 14, 2022
Ansible uses a socket with predictable filename in /tmp Low
CVE-2013-4259 was published for Ansible (pip) May 14, 2022