GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,251
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,725
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
861
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,400 advisories
Filter by severity
jwcrypto token substitution can lead to authentication bypass
Moderate
CVE-2022-3102
was published
for
jwcrypto
(pip)
Sep 21, 2022
autogluon.multimodal vulnerable to unsafe YAML deserialization
High
GHSA-6h2x-4gjf-jc5w
was published
for
autogluon.multimodal
(pip)
Sep 21, 2022
django-sendfile2 before 0.7.0 contains reflected file download vulnerability
High
GHSA-pcjh-6r5h-r92r
was published
for
django-sendfile2
(pip)
Aug 11, 2022
mofh Vulnerable to Improper Restriction of XML External Entity Reference
Moderate
GHSA-7r9x-qrpr-3cxw
was published
for
mofh
(pip)
Aug 11, 2022
Vulnerable OpenSSL included in cryptography wheels
Moderate
GHSA-39hc-v87j-747x
was published
for
cryptography
(pip)
Nov 2, 2022
Package discontinued because Bitly lowered the free quota
Low
GHSA-ggrh-grj3-vfvw
was published
for
bitlyshortener
(pip)
Nov 28, 2022
Phoenix-ws source code and data in extensions folder is publicly available
High
GHSA-c8f7-x2g7-7fxj
was published
for
phoenix-ws
(pip)
Jun 2, 2022
Cross-Site Scripting
Moderate
GHSA-57h7-r3q3-w57j
was published
for
djangorestframework
(pip)
Feb 24, 2021
•
withdrawn
Cross-Site Scripting
Moderate
GHSA-94ww-22rx-493x
was published
for
flower
(pip)
Feb 24, 2021
•
withdrawn
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
Low
GHSA-mr6r-mvw4-736g
was published
for
vyper
(pip)
Mar 25, 2020
`CHECK` failure in `SobolSample` via missing validation
Low
GHSA-cqvq-fvhr-v6hc
was published
for
tensorflow
(pip)
Nov 21, 2022
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode
Low
GHSA-xf83-q765-xm6m
was published
for
tensorflow
(pip)
Nov 21, 2022
High severity vulnerability that affects indico
High
GHSA-67cx-rhhq-mfhq
was published
for
indico
(pip)
Oct 11, 2019
Moderate severity vulnerability that affects mailman
Moderate
CVE-2018-13796
was published
for
mailman
(pip)
Sep 11, 2018
Moderate severity vulnerability that affects Products.PlonePAS
Moderate
CVE-2009-0662
was published
for
Products.PlonePAS
(pip)
Jul 23, 2018
CSRF tokens leaked in URL by canned query form
Moderate
GHSA-q6j3-c4wc-63vw
was published
for
datasette
(pip)
Aug 11, 2020
Moderate severity vulnerability that affects Zope2
Moderate
CVE-2010-1104
was published
for
Zope2
(pip)
Jul 23, 2018
Moderate severity vulnerability that affects aioxmpp
Moderate
GHSA-32f7-cmr3-vpjv
was published
for
aioxmpp
(pip)
Feb 7, 2019
•
withdrawn
Directory traversal outside of SENDFILE_ROOT in django-sendfile2
Moderate
GHSA-6r3c-8xf3-ggrr
was published
for
django-sendfile2
(pip)
Jun 24, 2020
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Low
GHSA-47qg-q58v-7vrp
was published
for
amundsen-frontend
(pip)
Dec 2, 2020
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-4ph2-8337-hm62
was published
for
dynamodb-encryption-sdk
(pip)
Feb 8, 2021
Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs
High
GHSA-r82c-j4mq-5xfw
was published
for
bitlyshortener
(pip)
Oct 27, 2020
datasette-graphql leaks details of the schema of private database files
Low
GHSA-74hv-qjjq-h7g5
was published
for
datasette-graphql
(pip)
Nov 24, 2020
ProTip!
Advisories are also available from the
GraphQL API