GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Advisory counts by ecosystem:

| Ecosystem | Advisories |
|---|---|
| All reviewed | 5,000+ |
| Composer | 4,077 |
| Erlang | 29 |
| GitHub Actions | 19 |
| Go | 1,903 |
| Maven | 5,000+ |
| npm | 3,632 |
| NuGet | 638 |
| pip | 3,249 |
| Pub | 10 |
| RubyGems | 864 |
| Rust | 818 |
| Swift | 35 |
| All unreviewed | 5,000+ |
20,099 advisories
| Advisory | Severity | CVE | Package (ecosystem) | Published |
|---|---|---|---|---|
| Improper Neutralization of Input During Web Page Generation in html5lib | Moderate | CVE-2016-9909 | html5lib (pip) | May 17, 2022 |
| Home Assistant information disclosure vulnerability | High | CVE-2018-21019 | homeassistant (pip) | May 24, 2022 |
| Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs | Moderate | CVE-2023-34239 | gradio (pip) | Jun 9, 2023 |
| Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers | High | CVE-2018-1000164 | gunicorn (pip) | Jul 12, 2018 |
| Home Assistant vulnerable to account takeover via auth_callback login | Moderate | CVE-2023-41893 | homeassistant (pip) | Oct 26, 2023 |
| graphite-web is vulnerable to Remote Code Execution via renderLocalView function | Critical | CVE-2013-5093 | graphite-web (pip) | May 17, 2022 |
| Files on the host computer can be accessed from the Gradio interface | High | CVE-2021-43831 | gradio (pip) | Jan 21, 2022 |
| Open Redirect in Flask-Security-Too | Low | CVE-2021-32618 | Flask-Security-Too (pip) | May 17, 2021 |
| Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage | High | CVE-2019-1010083 | flask (pip) | Jul 19, 2019 |
| Untrusted search path under some conditions on Windows allows arbitrary code execution | High | CVE-2024-22190 | GitPython (pip) | Jan 10, 2024 |
| Improper Authentication in FreeTAKServer | High | CVE-2022-25508 | FreeTAKServer (pip) | Mar 12, 2022 |
| Potential Captcha Validate Bypass in flask-session-captcha | Moderate | CVE-2022-24880 | flask-session-captcha (pip) | Apr 26, 2022 |
| Verification check bypass in Gate One | Moderate | CVE-2020-19003 | gateone (pip) | Oct 12, 2021 |
| XML External Entity Reference in Glances | Moderate | CVE-2021-23418 | Glances (pip) | Aug 9, 2021 |
| Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length | Moderate | CVE-2024-8796 | devise-two-factor (RubyGems) | Sep 17, 2024 |
| Flask is vulnerable to Denial of Service via incorrect encoding of JSON data | High | CVE-2018-1000656 | flask (pip) | Aug 23, 2018 |
| GitPython untrusted search path on Windows systems leading to arbitrary code execution | High | CVE-2023-40590 | gitpython (pip) | Aug 29, 2023 |
| Python Charmers Future denial of service vulnerability | High | CVE-2022-40899 | future (pip) | Dec 23, 2022 |
| Ganga allows absolute path traversal | Critical | CVE-2022-31507 | ganga (pip) | Jul 13, 2022 |
| An authenticated user can execute arbitrary command in Gerapy | High | CVE-2021-32849 | gerapy (pip) | Jan 6, 2022 |
| GitPython blind local file inclusion | Moderate | CVE-2023-41040 | GitPython (pip) | Aug 30, 2023 |
| Open redirect in Flask-Unchained | Moderate | CVE-2021-23393 | Flask-Unchained (pip) | Jun 15, 2021 |
| flask-oidc Open Redirect vulnerability | High | CVE-2016-1000001 | flask-oidc (pip) | May 17, 2022 |
Advisories are also available from the GraphQL API.