GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,093 advisories
Python Twisted trustRoot is not respected in HTTP client
High • CVE-2014-7143 was published for twisted (pip) • Dec 17, 2019

2FA bypass in Wagtail through new device path
High • CVE-2019-16766 was published for wagtail-2fa (pip) • Nov 29, 2019

Possible remote code execution via a remote procedure call
High • GHSA-9ggp-4jpr-7ppj was published for rpyc (pip) • Nov 20, 2019 • withdrawn

graphite.composer.views.send_email vulnerable to SSRF
High • CVE-2017-18638 was published for graphite-web (pip) • Oct 25, 2019

Server-Side Request Forgery in unoconv
High • CVE-2019-17400 was published for unoconv (pip) • Oct 24, 2019

DOS attack in Pillow when processing specially crafted image files
High • CVE-2019-16865 was published for pillow (pip) • Oct 22, 2019

High severity vulnerability that affects indico
High • GHSA-67cx-rhhq-mfhq was published for indico (pip) • Oct 11, 2019

ecdsa Denial of Service vulnerability in signature verification and signature malleability
High • CVE-2019-14853 was published for ecdsa (pip) • Oct 8, 2019

Cross-Site Request Forgery in MicroPyramid Django CRM
High • CVE-2019-11457 was published for django-crm (pip) • Sep 11, 2019

Pallets Werkzeug Insufficient Entropy
High • CVE-2019-14806 was published for werkzeug (pip) • Aug 21, 2019

Improper Certificate Validation in Twisted
High • CVE-2019-12855 was published for twisted (pip) • Aug 16, 2019

Django Denial-of-service in strip_tags()
High • CVE-2019-14233 was published for Django (pip) • Aug 6, 2019

Django Denial-of-service in django.utils.text.Truncator
High • CVE-2019-14232 was published for Django (pip) • Aug 6, 2019

python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
High • CVE-2019-13611 was published for python-engineio (pip) • Jul 30, 2019

Aubio is vulnerable to a NULL pointer dereference in new_aubio_notes function
High • CVE-2018-19802 was published for aubio (pip) • Jul 26, 2019

Aubio is vulnerable to a NULL pointer dereference in new_aubio_filterbank
High • CVE-2018-19801 was published for aubio (pip) • Jul 26, 2019

Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
High • CVE-2019-1010083 was published for flask (pip) • Jul 19, 2019

XML Injection in python-libnmap
High • CVE-2019-1010017 was published for python-libnmap (pip) • Jul 18, 2019

Python-saml allows manipulation of SAML data without invalidation of cryptographic signature
High • CVE-2017-11427 was published for python-saml (pip) • Jul 5, 2019

ProTip! Advisories are also available from the GraphQL API