GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,113 advisories

Formula Injection in Exported Data Moderate
GHSA-7rq4-qcpw-74gq was published for inventree (pip) Jun 17, 2022
saharshtapi
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares Moderate
GHSA-c58j-88f5-h53f was published for pycares (pip) Jul 5, 2022
SentinelOne impersonated via PyPI packages High
GHSA-g86j-hwg9-77q5 was published for SentinelOne (pip) Dec 27, 2022
personnummer/python vulnerable to Improper Input Validation Low
GHSA-rxq3-5249-8hgg was published for personnummer (pip) Sep 9, 2020
Twisted vulnerable to HTTP Request Smuggling Attacks Moderate
GHSA-8r99-h8j2-rw64 was published for twisted (pip) Oct 7, 2022
Modoboa is vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-0398 was published for modoboa (pip) Jan 19, 2023
Missing Initialization of Resource in Apache Arrow High
CVE-2019-12408 was published for pyarrow (RubyGems) May 24, 2022
jiajie-chen-havas
Missing Initialization of Resource in Apache Arrow High
CVE-2019-12410 was published for pyarrow (RubyGems) May 24, 2022
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0438 was published for modoboa (pip) Jan 23, 2023
Improper Input Validation in pyload-ng Moderate
CVE-2023-0434 was published for pyload-ng (pip) Jan 22, 2023
Integer overflow in Pillow High
CVE-2020-5310 was published for Pillow (pip) Nov 3, 2021
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
Apache Superset is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-43718 was published for apache-superset (pip) Jan 16, 2023
Apache Superset vulnerable to Cross-site Scripting Moderate
CVE-2022-43717 was published for apache-superset (pip) Jan 16, 2023
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection Moderate
CVE-2022-41703 was published for apache-superset (pip) Jan 16, 2023
Apache Superset vulnerable to Injection Moderate
CVE-2022-43720 was published for apache-superset (pip) Jan 16, 2023
Apache Superset has Improper Access Control Moderate
CVE-2022-45438 was published for apache-superset (pip) Jan 16, 2023
Apache Superset Open Redirect vulnerability Moderate
CVE-2022-43721 was published for apache-superset (pip) Jan 16, 2023
Improper Certificate Validation in pyload-ng High
CVE-2023-0509 was published for pyload-ng (pip) Jan 27, 2023
Cross-site Scripting in modoboa High
CVE-2023-0470 was published for modoboa (pip) Jan 27, 2023
Cross Site Request Forgery in mailman High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
Improper Authorization in cobbler High
CVE-2022-0860 was published for cobbler (pip) Mar 11, 2022
ysf
Path traversal in FreeTAKServer-UI Moderate
CVE-2022-25511 was published for FreeTAKServer-UI (pip) Mar 12, 2022
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI High
CVE-2022-25512 was published for FreeTAKServer-UI (pip) Mar 12, 2022
SQL Injection in FreeTAKServer-UI Moderate
CVE-2022-25506 was published for FreeTAKServer-UI (pip) Mar 12, 2022