GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,066 advisories

Moderate severity vulnerability that affects mailman Moderate
CVE-2018-13796 was published for mailman (pip) Sep 11, 2018
User passwords are stored in clear text in the Django session High
CVE-2020-15105 was published for django-two-factor-auth (pip) Jul 10, 2020
nickcatal liewegas
benweissmann
Cross-site Scripting in invenio-previewer Moderate
CVE-2019-1020019 was published for invenio-previewer (pip) Jul 16, 2019
Moderate severity vulnerability that affects Plone Moderate
CVE-2012-5503 was published for Plone (pip) Jul 23, 2018
markdown2 is vulnerable to cross-site scripting Moderate
CVE-2018-5773 was published for markdown2 (pip) Jul 12, 2018
woodruffw
Moderate severity vulnerability that affects Products.PlonePAS Moderate
CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018
JSNAPy allows unprivileged local users to alter files under the directory Moderate
CVE-2018-0023 was published for jsnapy (pip) Jul 12, 2018
High severity vulnerability that affects python-gnupg High
CVE-2014-1927 was published for python-gnupg (pip) Nov 6, 2018
Arbitrary code using "crafted image file" approach affecting Pillow High
CVE-2016-9190 was published for Pillow (pip) Jul 12, 2018
Timing attack on django-basic-auth-ip-whitelist Low
CVE-2020-4071 was published for django-basic-auth-ip-whitelist (pip) Jun 23, 2020
thibaudcolas
Session Fixation in Tryton Moderate
CVE-2018-19443 was published for tryton (pip) Nov 29, 2018
Multiple stored XSS in RBAC Admin screens in Apache Airflow Moderate
CVE-2020-11983 was published for apache-airflow (pip) Jul 27, 2020
CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
FedMsg not properly completing message validation High
CVE-2017-1000001 was published for FedMsg (pip) Jul 13, 2018
Moderate severity vulnerability that affects Zope2 Moderate
CVE-2010-1104 was published for Zope2 (pip) Jul 23, 2018
Buffer Overflow in pycrypto Critical
CVE-2013-7459 was published for pycrypto (pip) Dec 14, 2018
Stored XSS in Apache Airflow Moderate
CVE-2020-9485 was published for apache-airflow (pip) Jul 27, 2020
Moderate severity vulnerability that affects aioxmpp Moderate
GHSA-32f7-cmr3-vpjv was published for aioxmpp (pip) Feb 7, 2019 withdrawn
Path Traversal in openapi-python-client Low
CVE-2020-15141 was published for openapi-python-client (pip) Aug 20, 2020
pawamoy emann
Directory traversal outside of SENDFILE_ROOT in django-sendfile2 Moderate
GHSA-6r3c-8xf3-ggrr was published for django-sendfile2 (pip) Jun 24, 2020
gipi moggers87
Arbitrary Code Generation High
CVE-2020-15142 was published for openapi-python-client (pip) Aug 20, 2020
emann dtkav
dbanty westonsteimel
Improper Input Validation in kdcproxy High
CVE-2015-5159 was published for kdcproxy (pip) Nov 1, 2018
Cross-Site Scripting in Wagtail Moderate
CVE-2020-15118 was published for wagtail (pip) Jul 20, 2020
acarasimon96
Client Denial of Service on TUF Moderate
CVE-2020-6173 was published for tuf (pip) Aug 21, 2020