GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem:

All reviewed: 5,000+
Composer: 3,958
Erlang: 29
GitHub Actions: 16
Go: 1,745
Maven: 4,971
npm: 3,507
NuGet: 609
pip: 3,066
Pub: 10
RubyGems: 832
Rust: 780
Swift: 34

Unreviewed advisories (all): 5,000+

Listing below: pip, GitHub reviewed, 3,066 advisories.
Severity | Identifier | Package (ecosystem) | Published | Summary
--- | --- | --- | --- | ---
Moderate | CVE-2018-13796 | mailman (pip) | Sep 11, 2018 | Moderate severity vulnerability that affects mailman
High | CVE-2020-15105 | django-two-factor-auth (pip) | Jul 10, 2020 | User passwords are stored in clear text in the Django session
Moderate | CVE-2019-1020019 | invenio-previewer (pip) | Jul 16, 2019 | Cross-site Scripting in invenio-previewer
Moderate | CVE-2012-5503 | Plone (pip) | Jul 23, 2018 | Moderate severity vulnerability that affects Plone
Moderate | CVE-2018-5773 | markdown2 (pip) | Jul 12, 2018 | markdown2 is vulnerable to cross-site scripting
Moderate | CVE-2009-0662 | Products.PlonePAS (pip) | Jul 23, 2018 | Moderate severity vulnerability that affects Products.PlonePAS
Moderate | CVE-2018-0023 | jsnapy (pip) | Jul 12, 2018 | JSNAPy allows unprivileged local users to alter files under the directory
High | CVE-2014-1927 | python-gnupg (pip) | Nov 6, 2018 | High severity vulnerability that affects python-gnupg
High | CVE-2016-9190 | Pillow (pip) | Jul 12, 2018 | Arbitrary code using "crafted image file" approach affecting Pillow
Low | CVE-2020-4071 | django-basic-auth-ip-whitelist (pip) | Jun 23, 2020 | Timing attack on django-basic-auth-ip-whitelist
Moderate | CVE-2020-11983 | apache-airflow (pip) | Jul 27, 2020 | Multiple stored XSS in RBAC Admin screens in Apache Airflow
Moderate | GHSA-q6j3-c4wc-63vw | datasette (pip) | Aug 11, 2020 | CSRF tokens leaked in URL by canned query form
High | CVE-2017-1000001 | FedMsg (pip) | Jul 13, 2018 | FedMsg not properly completing message validation
Moderate | CVE-2010-1104 | Zope2 (pip) | Jul 23, 2018 | Moderate severity vulnerability that affects Zope2
Moderate | CVE-2020-9485 | apache-airflow (pip) | Jul 27, 2020 | Stored XSS in Apache Airflow
High | CVE-2011-2765 | pyro (pip) | Aug 21, 2018 | Pyro mishandles pid files in temporary directory locations and opens the pid file as root
Moderate | GHSA-32f7-cmr3-vpjv | aioxmpp (pip) | Feb 7, 2019 | Moderate severity vulnerability that affects aioxmpp (withdrawn)
Low | CVE-2020-15141 | openapi-python-client (pip) | Aug 20, 2020 | Path Traversal in openapi-python-client
Moderate | GHSA-6r3c-8xf3-ggrr | django-sendfile2 (pip) | Jun 24, 2020 | Directory traversal outside of SENDFILE_ROOT in django-sendfile2
High | CVE-2020-15142 | openapi-python-client (pip) | Aug 20, 2020 | Arbitrary Code Generation
High | CVE-2015-5159 | kdcproxy (pip) | Nov 1, 2018 | Improper Input Validation in kdcproxy
Moderate | CVE-2020-15118 | wagtail (pip) | Jul 20, 2020 | Cross-Site Scripting in Wagtail
Advisories are also available from the GraphQL API.
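The listing above is what a `securityVulnerabilities` query filtered to the `PIP` ecosystem returns from the GraphQL API. The script below is an added example, not code from GitHub or from any advisory client: it builds that query, pages through results, and flattens each (advisory, package) pair into a row with the same fields the page shows, dropping withdrawn advisories (such as the aioxmpp entry above) unless asked for them and preferring a CVE identifier over the GHSA id when one exists. Assumptions: the endpoint and field names match the public GitHub GraphQL schema, the token is read from `GITHUB_TOKEN`, and `SAMPLE_RESPONSE` is constructed for offline use (API-shaped, with placeholder GHSA id, dates and version ranges that are not the advisories' real values).

```python
"""Pull pip advisories from the GitHub Advisory Database via GraphQL.

Added example; not GitHub's code. Assumed: endpoint and field names match the
public GraphQL schema; token from GITHUB_TOKEN; SAMPLE_RESPONSE is constructed.
"""
import json
import os
import urllib.request

GRAPHQL_ENDPOINT = "https://api.github.com/graphql"
SEVERITY_RANK = {"LOW": 1, "MODERATE": 2, "HIGH": 3, "CRITICAL": 4}

# securityVulnerabilities filters by ecosystem at the top level, mirroring the
# page's "pip" filter; each node is one (advisory, package) pair.
QUERY = """
query($first: Int!, $after: String, $ecosystem: SecurityAdvisoryEcosystem!) {
  securityVulnerabilities(first: $first, after: $after, ecosystem: $ecosystem,
                          orderBy: {field: UPDATED_AT, direction: DESC}) {
    pageInfo { hasNextPage endCursor }
    nodes {
      advisory { ghsaId summary severity publishedAt withdrawnAt
                 identifiers { type value } }
      package { ecosystem name }
      vulnerableVersionRange
      firstPatchedVersion { identifier }
    }
  }
}
"""


def parse_vulnerabilities(response, min_severity="LOW", include_withdrawn=False):
    """Flatten one response page into rows like the listing on this page.

    Withdrawn advisories (withdrawnAt set) are dropped unless requested, rows
    below min_severity are dropped, and the CVE id is preferred over the GHSA id.
    """
    if response.get("errors"):
        raise RuntimeError(f"GraphQL errors: {response['errors']}")
    rows = []
    for node in response["data"]["securityVulnerabilities"]["nodes"]:
        adv = node["advisory"]
        withdrawn = adv.get("withdrawnAt") is not None
        if withdrawn and not include_withdrawn:
            continue
        if SEVERITY_RANK[adv["severity"]] < SEVERITY_RANK[min_severity]:
            continue
        cves = [i["value"] for i in adv["identifiers"] if i["type"] == "CVE"]
        patched = node.get("firstPatchedVersion") or {}
        rows.append({
            "id": cves[0] if cves else adv["ghsaId"],
            "ghsa": adv["ghsaId"],
            "severity": adv["severity"],
            "package": node["package"]["name"],
            "ecosystem": node["package"]["ecosystem"],
            "range": node["vulnerableVersionRange"],
            "patched": patched.get("identifier"),
            "published": adv["publishedAt"][:10],
            "summary": adv["summary"],
            "withdrawn": withdrawn,
        })
    return rows


def fetch_vulnerabilities(ecosystem="PIP", page_size=100, token=None, **filters):
    """Page through the live API (needs network; advisory data is public, so
    the token needs no extra scopes). Not exercised offline."""
    token = token or os.environ.get("GITHUB_TOKEN")
    if not token:
        raise RuntimeError("set GITHUB_TOKEN to a personal access token")
    after, rows = None, []
    while True:
        variables = {"first": page_size, "after": after, "ecosystem": ecosystem}
        req = urllib.request.Request(
            GRAPHQL_ENDPOINT,
            data=json.dumps({"query": QUERY, "variables": variables}).encode(),
            headers={"Authorization": f"bearer {token}",
                     "Content-Type": "application/json",
                     "User-Agent": "advisory-listing-example"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            payload = json.load(resp)
        rows.extend(parse_vulnerabilities(payload, **filters))
        page = payload["data"]["securityVulnerabilities"]["pageInfo"]
        if not page["hasNextPage"]:
            return rows
        after = page["endCursor"]


def _node(ghsa, summary, severity, published, package, cve=None, withdrawn=None):
    """Build one constructed node; version data is a placeholder, not real."""
    ids = [{"type": "GHSA", "value": ghsa}]
    if cve:
        ids.append({"type": "CVE", "value": cve})
    return {"advisory": {"ghsaId": ghsa, "summary": summary, "severity": severity,
                         "publishedAt": published, "withdrawnAt": withdrawn,
                         "identifiers": ids},
            "package": {"ecosystem": "PIP", "name": package},
            "vulnerableVersionRange": "< 0",  # constructed placeholder
            "firstPatchedVersion": None}


# Constructed sample page (shape of the API output; timestamps and the
# GHSA-xxxx id are placeholders, not the advisories' real data).
SAMPLE_RESPONSE = {"data": {"securityVulnerabilities": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [
        _node("GHSA-q6j3-c4wc-63vw", "CSRF tokens leaked in URL by canned query form",
              "MODERATE", "2020-08-11T00:00:00Z", "datasette"),
        _node("GHSA-32f7-cmr3-vpjv", "Moderate severity vulnerability that affects aioxmpp",
              "MODERATE", "2019-02-07T00:00:00Z", "aioxmpp", withdrawn="2019-02-08T00:00:00Z"),
        _node("GHSA-xxxx-xxxx-xxxx", "User passwords are stored in clear text in the Django session",
              "HIGH", "2020-07-10T00:00:00Z", "django-two-factor-auth", cve="CVE-2020-15105"),
    ]}}}
```

Run `fetch_vulnerabilities("PIP", min_severity="HIGH")` with `GITHUB_TOKEN` set to reproduce the page's list for the pip ecosystem restricted to High and Critical; `parse_vulnerabilities(SAMPLE_RESPONSE, include_withdrawn=True)` shows how a withdrawn advisory is carried through with its flag set rather than silently dropped.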