GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,099 advisories

Improper Neutralization of Input During Web Page Generation in html5lib Moderate
CVE-2016-9909 was published for html5lib (pip) May 17, 2022
Home Assistant information disclosure vulnerability High
CVE-2018-21019 was published for homeassistant (pip) May 24, 2022
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs Moderate
CVE-2023-34239 was published for gradio (pip) Jun 9, 2023
mastomii
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers High
CVE-2018-1000164 was published for gunicorn (pip) Jul 12, 2018
Home Assistant vulnerable to account takeover via auth_callback login Moderate
CVE-2023-41893 was published for homeassistant (pip) Oct 26, 2023
graphite-web is vulnerable to Remote Code Execution via renderLocalView function Critical
CVE-2013-5093 was published for graphite-web (pip) May 17, 2022
Files on the host computer can be accessed from the Gradio interface High
CVE-2021-43831 was published for gradio (pip) Jan 21, 2022
haby0
Open Redirect in Flask-Security-Too Low
CVE-2021-32618 was published for Flask-Security-Too (pip) May 17, 2021
tdunlap607
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage High
CVE-2019-1010083 was published for flask (pip) Jul 19, 2019
Ghcml
Untrusted search path under some conditions on Windows allows arbitrary code execution High
CVE-2024-22190 was published for GitPython (pip) Jan 10, 2024
EliahKagan
Improper Authentication in FreeTAKServer High
CVE-2022-25508 was published for FreeTAKServer (pip) Mar 12, 2022
Potential Captcha Validate Bypass in flask-session-captcha Moderate
CVE-2022-24880 was published for flask-session-captcha (pip) Apr 26, 2022
GuillaumeGomez
Verification check bypass in Gate One Moderate
CVE-2020-19003 was published for gateone (pip) Oct 12, 2021
XML External Entity Reference in Glances Moderate
CVE-2021-23418 was published for Glances (pip) Aug 9, 2021
Command injection in Gerapy Critical
CVE-2020-7698 was published for gerapy (pip) May 6, 2021
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length Moderate
CVE-2024-8796 was published for devise-two-factor (RubyGems) Sep 17, 2024
syntacticNaCl mark-adams
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data High
CVE-2018-1000656 was published for flask (pip) Aug 23, 2018
tdunlap607
GitPython untrusted search path on Windows systems leading to arbitrary code execution High
CVE-2023-40590 was published for gitpython (pip) Aug 29, 2023
stsewd MicaelJarniac
Python Charmers Future denial of service vulnerability High
CVE-2022-40899 was published for future (pip) Dec 23, 2022
GoetzGoerisch
Flower OAuth authentication bypass High
CVE-2022-30034 was published for flower (pip) Jun 3, 2022
tprynn
Ganga allows absolute path traversal Critical
CVE-2022-31507 was published for ganga (pip) Jul 13, 2022
An authenticated user can execute arbitrary command in Gerapy High
CVE-2021-32849 was published for gerapy (pip) Jan 6, 2022
GitPython blind local file inclusion Moderate
CVE-2023-41040 was published for GitPython (pip) Aug 30, 2023
stsewd m3t3kh4n
EliahKagan
Open redirect in Flask-Unchained Moderate
CVE-2021-23393 was published for Flask-Unchained (pip) Jun 15, 2021
flask-oidc Open Redirect vulnerability High
CVE-2016-1000001 was published for flask-oidc (pip) May 17, 2022