GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,752
Maven: 5,000+
npm: 4,357
NuGet: 765
pip: 4,121
Pub: 12
RubyGems: 961
Rust: 1,069
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
4,121 advisories
Ansible fails to properly mark lookup-plugin results as unsafe
Severity: Critical. CVE-2017-7481 was published for ansible (pip) on Sep 6, 2018.
Moderate severity vulnerability that affects mayan-edms
Severity: Moderate. CVE-2018-16407 was published for mayan-edms (pip) on Sep 6, 2018.
Moderate severity vulnerability that affects mayan-edms
Severity: Moderate. CVE-2018-16406 was published for mayan-edms (pip) on Sep 6, 2018.
mayan-edms Cross-site Scripting vulnerability
Severity: Moderate. CVE-2018-16405 was published for mayan-edms (pip) on Sep 6, 2018.
PyCryptodome integer overflow vulnerability
Severity: High. CVE-2018-15560 was published for pycryptodome (pip) on Aug 27, 2018.
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data
Severity: High. CVE-2018-1000656 was published for flask (pip) on Aug 23, 2018.
Pyro mishandles pid files in temporary directory locations and opening the pid file as root
Severity: High. CVE-2011-2765 was published for pyro (pip) on Aug 21, 2018.
PyCA Cryptography vulnerable to GCM tag forgery
Severity: High. CVE-2018-10903 was published for cryptography (pip) on Jul 31, 2018.
Mitmweb in mitmproxy allows DNS Rebinding attacks
Severity: Critical. CVE-2018-14505 was published for mitmproxy (pip) on Jul 31, 2018.
Pillow Integer overflow in ImagingResampleHorizontal
Severity: Critical. CVE-2016-4009 was published for pillow (pip) on Jul 24, 2018.
Pillow Buffer overflow in ImagingFliDecode
Severity: High. CVE-2016-0775 was published for Pillow (pip) on Jul 24, 2018.
Pillow buffer overflow in ImagingPcdDecode
Severity: High. CVE-2016-2533 was published for pillow (pip) on Jul 24, 2018.
Pillow Buffer overflow in ImagingLibTiffDecode
Severity: Moderate. CVE-2016-0740 was published for pillow (pip) on Jul 24, 2018.
feedparser denial of service vulnerability
Severity: High. CVE-2012-2921 was published for feedparser (pip) on Jul 24, 2018.
Plone Cross-site Scripting vulnerability
Severity: Moderate. CVE-2011-1949 was published for Plone (pip) on Jul 23, 2018.
Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts
Severity: High. CVE-2011-1950 was published for Plone (pip) on Jul 23, 2018.
Plone allows remote attackers to read hidden folder contents
Severity: High. CVE-2012-5503 was published for Plone (pip) on Jul 23, 2018.
feedparser Cross-site Scripting vulnerability
Severity: Moderate. CVE-2011-1157 was published for feedparser (pip) on Jul 23, 2018.
ProTip! Advisories are also available from the GraphQL API.