GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
361 advisories
Filter by severity
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts
Critical
CVE-2019-17206
was published
for
rediswrapper
(pip)
Nov 20, 2019
Eval injection in Supybot/Limnoria
Critical
CVE-2019-19010
was published
for
limnoria
(pip)
Nov 20, 2019
Undirectional routing wasn't respected in some cases in Mitogen
Critical
CVE-2019-15149
was published
for
mitogen
(pip)
Aug 19, 2019
•
withdrawn
aubio Buffer Overflow vulnerability
Critical
CVE-2018-19800
was published
for
aubio
(pip)
Jul 26, 2019
Improper Restriction of XML External Entity Reference in ladon
Critical
CVE-2019-1010268
was published
for
ladon
(pip)
Jul 26, 2019
Improper Verification of Cryptographic Signature in django-rest-registration
Critical
CVE-2019-13177
was published
for
django-rest-registration
(pip)
Jul 2, 2019
Improper Authentication in Buildbot
Critical
CVE-2019-12300
was published
for
buildbot
(pip)
May 29, 2019
Integer Overflow or Wraparound in Google TensorFlow
Critical
CVE-2018-7575
was published
for
tensorflow
(pip)
Apr 30, 2019
SQLAlchemy vulnerable to SQL Injection via order_by parameter
Critical
CVE-2019-7164
was published
for
SQLAlchemy
(pip)
Apr 16, 2019
ipycache is vulnerable to Code Injection
Critical
CVE-2019-7539
was published
for
ipycache
(pip)
Mar 25, 2019
Apache Airflow vulnerable to XSS
Critical
CVE-2017-17836
was published
for
apache-airflow
(pip)
Jan 25, 2019
modulemd uses an unsafe function for processing externally provided data
Critical
CVE-2017-1002157
was published
for
modulemd
(pip)
Jan 17, 2019
Bleach URI Scheme Restriction Bypass
Critical
CVE-2018-7753
was published
for
bleach
(pip)
Jan 4, 2019
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution
Critical
CVE-2017-18342
was published
for
pyyaml
(pip)
Jan 4, 2019
Code injection in Danijar Definitions
Critical
CVE-2018-20325
was published
for
definitions
(pip)
Dec 26, 2018
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
Critical
CVE-2018-20060
was published
for
urllib3
(pip)
Dec 12, 2018
Deserialization of Untrusted Data in superset
Critical
CVE-2018-8021
was published
for
superset
(pip)
Nov 9, 2018
Ansible fails to properly sanitize fact variables sent from the Ansible controller
Critical
CVE-2016-8628
was published
for
ansible
(pip)
Oct 10, 2018
Ansible fails to properly mark lookup-plugin results as unsafe
Critical
CVE-2017-7481
was published
for
ansible
(pip)
Sep 6, 2018
ProTip!
Advisories are also available from the
GraphQL API