GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,066 advisories

Django allows unintended model editing Moderate
CVE-2019-19118 was published for django (pip) Dec 4, 2019
possible DoS caused by malformed signature decoding in Pure-Python ECDSA Moderate
GHSA-2mrj-435v-c2cr was published for ecdsa (pip) Dec 2, 2019 withdrawn
typed-ast Out-of-bounds Read High
CVE-2019-19275 was published for typed-ast (pip) Dec 2, 2019
typed-ast Out-of-bounds Read High
CVE-2019-19274 was published for typed-ast (pip) Dec 2, 2019
2FA bypass in Wagtail through new device path High
CVE-2019-16766 was published for wagtail-2fa (pip) Nov 29, 2019
Apache Airflow vulnerable to XSS and local file disclosure Moderate
CVE-2019-12417 was published for apache-airflow (pip) Nov 22, 2019
Possible remote code execution via a remote procedure call High
GHSA-9ggp-4jpr-7ppj was published for rpyc (pip) Nov 20, 2019 withdrawn
Eval injection in Supybot/Limnoria Critical
CVE-2019-19010 was published for limnoria (pip) Nov 20, 2019
Cross-site scripting in Jupyter Notebook Moderate
CVE-2018-21030 was published for notebook (pip) Nov 8, 2019
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
Server-Side Request Forgery in unoconv High
CVE-2019-17400 was published for unoconv (pip) Oct 24, 2019
DOS attack in Pillow when processing specially crafted image files High
CVE-2019-16865 was published for pillow (pip) Oct 22, 2019
High severity vulnerability that affects indico High
GHSA-67cx-rhhq-mfhq was published for indico (pip) Oct 11, 2019
ecdsa Denial of Service vulnerability in signature verification and signature malleability High
CVE-2019-14853 was published for ecdsa (pip) Oct 8, 2019
Cross-Site Request Forgery in MicroPyramid Django CRM High
CVE-2019-11457 was published for django-crm (pip) Sep 11, 2019
Open Redirect in httpie High
CVE-2019-10751 was published for httpie (pip) Aug 27, 2019
Cross-site Scripting in django-js-reverse Moderate
CVE-2019-15486 was published for django-js-reverse (pip) Aug 27, 2019
NLTK Vulnerable To Path Traversal High
CVE-2019-14751 was published for nltk (pip) Aug 23, 2019
Cross-site scripting in recommender-xblock Moderate
CVE-2018-20858 was published for recommender-xblock (pip) Aug 21, 2019
Pallets Werkzeug Insufficient Entropy High
CVE-2019-14806 was published for werkzeug (pip) Aug 21, 2019
Undirectional routing wasn't respected in some cases in Mitogen Critical
CVE-2019-15149 was published for mitogen (pip) Aug 19, 2019 withdrawn
Improper Certificate Validation in Twisted High
CVE-2019-12855 was published for twisted (pip) Aug 16, 2019
SQL Injection in Django Critical
CVE-2019-14234 was published for django (pip) Aug 16, 2019
Django Denial-of-service in strip_tags() High
CVE-2019-14233 was published for django (pip) Aug 6, 2019