Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,774
Maven
5,000
npm
3,541
NuGet
617
pip
3,123
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,123 advisories

Loading
websockets is vulnerable to denial of service by memory exhaustion High
CVE-2018-1000518 was published for websockets (pip) Sep 17, 2018
ericwb
Django allows unprivileged users to read the password hashes of arbitrary accounts Moderate
CVE-2018-16984 was published for django (pip) Oct 3, 2018
sunSUNQ
Django Information leakage in AuthenticationForm High
CVE-2018-6188 was published for django (pip) Oct 3, 2018
MarkLee131
Django open redirect Moderate
CVE-2018-14574 was published for django (pip) Oct 4, 2018
MarkLee131
Qutebrowser CSRF Vulnerability High
CVE-2018-10895 was published for qutebrowser (pip) Oct 10, 2018
Paramiko Authentication Bypass vulnerability High
CVE-2018-1000805 was published for paramiko (pip) Oct 10, 2018
Pyopenssl Incorrect Memory Management Moderate
CVE-2018-1000808 was published for pyopenssl (pip) Oct 10, 2018
PyOpenSSL Use-After-Free vulnerability High
CVE-2018-1000807 was published for pyopenssl (pip) Oct 10, 2018
tdunlap607
In marshmallow library the schema "only" option treats an empty list as implying no "only" option Moderate
CVE-2018-17175 was published for marshmallow (pip) Oct 10, 2018
Ansible is vulnerable to an improper input validation in Ansible's handling of data sent from client systems High
CVE-2016-9587 was published for ansible (pip) Oct 10, 2018
Ansible fails to properly sanitize fact variables sent from the Ansible controller Critical
CVE-2016-8628 was published for ansible (pip) Oct 10, 2018
Ansible exposes sensitive data in log files and on the terminal Moderate
CVE-2018-10855 was published for ansible (pip) Oct 10, 2018
Ansible apt_key module does not properly verify key fingerprint High
CVE-2016-8614 was published for ansible (pip) Oct 10, 2018
Improper Input Validation in ansible Moderate
CVE-2016-8647 was published for ansible (pip) Oct 10, 2018
Ansible fails to cache SSH host keys High
CVE-2013-2233 was published for ansible (pip) Oct 10, 2018
Link Following in ansible High
CVE-2016-3096 was published for ansible (pip) Oct 10, 2018
Ansible does not verify that the server hostname matches a domain name in certificates Moderate
CVE-2015-3908 was published for ansible (pip) Oct 10, 2018
conference-scheduler-cli Arbitrary Code Execution High
CVE-2018-14572 was published for conference-scheduler-cli (pip) Oct 29, 2018
Insufficiently Protected Credentials in Requests High
CVE-2018-18074 was published for requests (pip) Oct 29, 2018
Improper Input Validation in kdcproxy High
CVE-2015-5159 was published for kdcproxy (pip) Nov 1, 2018
python-gnupg vulnerable to shell injection Moderate
CVE-2014-1929 was published for python-gnupg (pip) Nov 6, 2018
Moderate severity vulnerability that affects python-gnupg Moderate
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
High severity vulnerability that affects python-gnupg High
CVE-2013-7323 was published for python-gnupg (pip) Nov 6, 2018
High severity vulnerability that affects python-gnupg High
CVE-2014-1927 was published for python-gnupg (pip) Nov 6, 2018
Deserialization of Untrusted Data in superset Critical
CVE-2018-8021 was published for superset (pip) Nov 9, 2018
ProTip! Advisories are also available from the GraphQL API