GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,451 advisories
jwcrypto token substitution can lead to authentication bypass
Moderate | CVE-2022-3102 was published for jwcrypto (pip), Sep 21, 2022

mofh Vulnerable to Improper Restriction of XML External Entity Reference
Moderate | GHSA-7r9x-qrpr-3cxw was published for mofh (pip), Aug 11, 2022

Vulnerable OpenSSL included in cryptography wheels
Moderate | GHSA-39hc-v87j-747x was published for cryptography (pip), Nov 2, 2022

Cross-Site Scripting
Moderate | GHSA-57h7-r3q3-w57j was published for djangorestframework (pip), Feb 24, 2021 (withdrawn)

Cross-Site Scripting
Moderate | GHSA-94ww-22rx-493x was published for flower (pip), Feb 24, 2021 (withdrawn)

Potential Observable Timing Discrepancy in Wagtail
Moderate | CVE-2020-11037 was published for wagtail (pip), May 7, 2020

python-gnupg allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended
Moderate | GHSA-qh62-ch95-63wh was published for python-gnupg (pip), Mar 13, 2020 (withdrawn)

SQL injection in Tortoise ORM
Moderate | CVE-2020-11010 was published for tortoise-orm (pip), Apr 20, 2020

Malicious package may avoid detection in python auditing
Moderate | CVE-2020-5252 was published for safety (pip), Mar 24, 2020

Moderate severity vulnerability that affects python-gnupg
Moderate | CVE-2014-1928 was published for python-gnupg (pip), Nov 6, 2018

Moderate severity vulnerability that affects roundup
Moderate | CVE-2019-10904 was published for roundup (pip), Apr 9, 2019

Moderate severity vulnerability that affects mailman
Moderate | CVE-2018-13796 was published for mailman (pip), Sep 11, 2018

Moderate severity vulnerability that affects Products.PlonePAS
Moderate | CVE-2009-0662 was published for Products.PlonePAS (pip), Jul 23, 2018

CSRF tokens leaked in URL by canned query form
Moderate | GHSA-q6j3-c4wc-63vw was published for datasette (pip), Aug 11, 2020

Moderate severity vulnerability that affects Zope2
Moderate | CVE-2010-1104 was published for Zope2 (pip), Jul 23, 2018

Moderate severity vulnerability that affects aioxmpp
Moderate | GHSA-32f7-cmr3-vpjv was published for aioxmpp (pip), Feb 7, 2019 (withdrawn)

Directory traversal outside of SENDFILE_ROOT in django-sendfile2
Moderate | GHSA-6r3c-8xf3-ggrr was published for django-sendfile2 (pip), Jun 24, 2020

Cross-Site Scripting in Wagtail
Moderate | CVE-2020-15118 was published for wagtail (pip), Jul 20, 2020

Heap Overflow in PyMiniRacer
Moderate | CVE-2020-25489 was published for py-mini-racer (pip), Sep 18, 2020

Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
Moderate | GHSA-7h5v-85w9-pq6c was published for matrix-synapse (pip), May 19, 2021

ProTip! Advisories are also available from the GraphQL API