Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,458
Erlang
33
GitHub Actions
22
Go
2,156
Maven
5,000+
npm
3,818
NuGet
693
pip
3,497
Pub
12
RubyGems
903
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,497 advisories

Loading
HTTP Request Smuggling: LF vs CRLF handling in Waitress Moderate
CVE-2019-16785 was published for waitress (pip) Dec 20, 2019
Python Twisted trustRoot is not respected in HTTP client High
CVE-2014-7143 was published for twisted (pip) Dec 17, 2019
Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow Low
CVE-2019-16778 was published for tensorflow (pip) Dec 16, 2019
Django allows unintended model editing High
CVE-2019-19118 was published for Django (pip) Dec 4, 2019
sunSUNQ
Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA Moderate
GHSA-2mrj-435v-c2cr was published for ecdsa (pip) Dec 2, 2019 withdrawn
typed-ast Out-of-bounds Read High
CVE-2019-19275 was published for typed-ast (pip) Dec 2, 2019
typed-ast Out-of-bounds Read High
CVE-2019-19274 was published for typed-ast (pip) Dec 2, 2019
fritzdal
2FA bypass in Wagtail through new device path Moderate
CVE-2019-16766 was published for wagtail-2fa (pip) Nov 29, 2019
Apache Airflow vulnerable to XSS and local file disclosure Moderate
CVE-2019-12417 was published for airflow (pip) Nov 22, 2019
sunSUNQ
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts Critical
CVE-2019-17206 was published for rediswrapper (pip) Nov 20, 2019
Duplicate Advisory: Possible remote code execution via a remote procedure call High
GHSA-9ggp-4jpr-7ppj was published for rpyc (pip) Nov 20, 2019 withdrawn
Eval injection in Supybot/Limnoria Critical
CVE-2019-19010 was published for limnoria (pip) Nov 20, 2019
Cross-site scripting in Jupyter Notebook Moderate
CVE-2018-21030 was published for notebook (pip) Nov 8, 2019
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
JLLeitschuh alex
orangetw
Server-Side Request Forgery in unoconv High
CVE-2019-17400 was published for unoconv (pip) Oct 24, 2019
DOS attack in Pillow when processing specially crafted image files High
CVE-2019-16865 was published for pillow (pip) Oct 22, 2019
sunSUNQ
High severity vulnerability that affects indico High
GHSA-67cx-rhhq-mfhq was published for indico (pip) Oct 11, 2019
ecdsa Denial of Service vulnerability in signature verification and signature malleability High
CVE-2019-14853 was published for ecdsa (pip) Oct 8, 2019
Cross-Site Request Forgery in MicroPyramid Django CRM High
CVE-2019-11457 was published for django-crm (pip) Sep 11, 2019
Open Redirect in httpie High
CVE-2019-10751 was published for httpie (pip) Aug 27, 2019
Cross-site Scripting in django-js-reverse Moderate
CVE-2019-15486 was published for django-js-reverse (pip) Aug 27, 2019
tdunlap607
NLTK Vulnerable To Path Traversal High
CVE-2019-14751 was published for nltk (pip) Aug 23, 2019
Cross-site scripting in recommender-xblock Moderate
CVE-2018-20858 was published for recommender-xblock (pip) Aug 21, 2019
Pallets Werkzeug Insufficient Entropy High
CVE-2019-14806 was published for werkzeug (pip) Aug 21, 2019
Undirectional routing wasn't respected in some cases in Mitogen Critical
CVE-2019-15149 was published for mitogen (pip) Aug 19, 2019 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database