Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,633
Erlang
34
GitHub Actions
25
Go
2,238
Maven
5,000+
npm
3,900
NuGet
701
pip
3,666
Pub
12
RubyGems
914
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,666 advisories

Loading
typed-ast Out-of-bounds Read High
CVE-2019-19274 was published for typed-ast (pip) Dec 2, 2019
fritzdal
2FA bypass in Wagtail through new device path Moderate
CVE-2019-16766 was published for wagtail-2fa (pip) Nov 29, 2019
Apache Airflow vulnerable to XSS and local file disclosure Moderate
CVE-2019-12417 was published for airflow (pip) Nov 22, 2019
sunSUNQ
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts Critical
CVE-2019-17206 was published for rediswrapper (pip) Nov 20, 2019
Duplicate Advisory: Possible remote code execution via a remote procedure call High
GHSA-9ggp-4jpr-7ppj was published for rpyc (pip) Nov 20, 2019 withdrawn
Eval injection in Supybot/Limnoria Critical
CVE-2019-19010 was published for limnoria (pip) Nov 20, 2019
Cross-site scripting in Jupyter Notebook Moderate
CVE-2018-21030 was published for notebook (pip) Nov 8, 2019
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
JLLeitschuh alex
orangetw
Server-Side Request Forgery in unoconv High
CVE-2019-17400 was published for unoconv (pip) Oct 24, 2019
DOS attack in Pillow when processing specially crafted image files High
CVE-2019-16865 was published for pillow (pip) Oct 22, 2019
sunSUNQ
High severity vulnerability that affects indico High
GHSA-67cx-rhhq-mfhq was published for indico (pip) Oct 11, 2019
ecdsa Denial of Service vulnerability in signature verification and signature malleability High
CVE-2019-14853 was published for ecdsa (pip) Oct 8, 2019
Cross-Site Request Forgery in MicroPyramid Django CRM High
CVE-2019-11457 was published for django-crm (pip) Sep 11, 2019
Open Redirect in httpie High
CVE-2019-10751 was published for httpie (pip) Aug 27, 2019
Cross-site Scripting in django-js-reverse Moderate
CVE-2019-15486 was published for django-js-reverse (pip) Aug 27, 2019
tdunlap607
NLTK Vulnerable To Path Traversal High
CVE-2019-14751 was published for nltk (pip) Aug 23, 2019
Cross-site scripting in recommender-xblock Moderate
CVE-2018-20858 was published for recommender-xblock (pip) Aug 21, 2019
Pallets Werkzeug Insufficient Entropy High
CVE-2019-14806 was published for werkzeug (pip) Aug 21, 2019
Undirectional routing wasn't respected in some cases in Mitogen Critical
CVE-2019-15149 was published for mitogen (pip) Aug 19, 2019 withdrawn
Improper Certificate Validation in Twisted Critical
CVE-2019-12855 was published for twisted (pip) Aug 16, 2019
SQL Injection in Django Critical
CVE-2019-14234 was published for Django (pip) Aug 16, 2019
Sensitive data written to disk unencrypted in Spark High
CVE-2019-10099 was published for org.apache.spark:spark-core_2.11 (Maven) Aug 8, 2019
Django Denial-of-service in strip_tags() High
CVE-2019-14233 was published for Django (pip) Aug 6, 2019
Uncontrolled Recursion in Django High
CVE-2019-14235 was published for Django (pip) Aug 6, 2019
Django Denial-of-service in django.utils.text.Truncator High
CVE-2019-14232 was published for Django (pip) Aug 6, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database