GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,400 advisories
Filter by severity
Deserialization of Untrusted Data in superset
Critical
CVE-2018-8021
was published
for
superset
(pip)
Nov 9, 2018
python-gnupg's shell_quote function does not properly quote strings
High
CVE-2014-1927
was published
for
python-gnupg
(pip)
Nov 6, 2018
High severity vulnerability that affects python-gnupg
High
CVE-2013-7323
was published
for
python-gnupg
(pip)
Nov 6, 2018
python-gnupg's shell_quote function does not properly escape characters
High
CVE-2014-1928
was published
for
python-gnupg
(pip)
Nov 6, 2018
python-gnupg vulnerable to shell injection
Critical
CVE-2014-1929
was published
for
python-gnupg
(pip)
Nov 6, 2018
Improper Input Validation in kdcproxy
High
CVE-2015-5159
was published
for
kdcproxy
(pip)
Nov 1, 2018
Insufficiently Protected Credentials in Requests
High
CVE-2018-18074
was published
for
requests
(pip)
Oct 29, 2018
conference-scheduler-cli Arbitrary Code Execution
High
CVE-2018-14572
was published
for
conference-scheduler-cli
(pip)
Oct 29, 2018
Ansible does not verify that the server hostname matches a domain name in certificates
High
CVE-2015-3908
was published
for
ansible
(pip)
Oct 10, 2018
Ansible fails to cache SSH host keys
Critical
CVE-2013-2233
was published
for
ansible
(pip)
Oct 10, 2018
Improper Input Validation in ansible
Moderate
CVE-2016-8647
was published
for
ansible
(pip)
Oct 10, 2018
Ansible apt_key module does not properly verify key fingerprint
High
CVE-2016-8614
was published
for
ansible
(pip)
Oct 10, 2018
Ansible exposes sensitive data in log files and on the terminal
High
CVE-2018-10855
was published
for
ansible
(pip)
Oct 10, 2018
Ansible fails to properly sanitize fact variables sent from the Ansible controller
Critical
CVE-2016-8628
was published
for
ansible
(pip)
Oct 10, 2018
Ansible is vulnerable to an improper input validation in Ansible's handling of data sent from client systems
Critical
CVE-2016-9587
was published
for
ansible
(pip)
Oct 10, 2018
In marshmallow library the schema "only" option treats an empty list as implying no "only" option
Moderate
CVE-2018-17175
was published
for
marshmallow
(pip)
Oct 10, 2018
PyOpenSSL Use-After-Free vulnerability
High
CVE-2018-1000807
was published
for
pyopenssl
(pip)
Oct 10, 2018
Pyopenssl Incorrect Memory Management
High
CVE-2018-1000808
was published
for
pyopenssl
(pip)
Oct 10, 2018
Paramiko Authentication Bypass vulnerability
High
CVE-2018-1000805
was published
for
paramiko
(pip)
Oct 10, 2018
Django vulnerable to information leakage in AuthenticationForm
High
CVE-2018-6188
was published
for
Django
(pip)
Oct 3, 2018
Django allows unprivileged users to read the password hashes of arbitrary accounts
Moderate
CVE-2018-16984
was published
for
django
(pip)
Oct 3, 2018
websockets is vulnerable to denial of service by memory exhaustion
High
CVE-2018-1000518
was published
for
websockets
(pip)
Sep 17, 2018
ProTip!
Advisories are also available from the
GraphQL API