GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
124 advisories
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
Moderate. CVE-2023-34239 was published for gradio (pip) on Jun 9, 2023.

Elastic APM agent for Python client CGI proxy redirection flaw
Moderate. CVE-2019-7617 was published for elastic-apm (pip) on May 24, 2022.

Improper Input Validation in Django
Moderate. CVE-2019-3498 was published for Django (pip) on Jan 14, 2019.

Cross-site Scripting (XSS) in Django REST Framework
Moderate. CVE-2020-25626 was published for djangorestframework (pip) on Mar 19, 2021.

Improper query string handling in Django
Moderate. CVE-2010-4534 was published for Django (pip) on Jul 23, 2018.

Apache Airflow Improper Input Validation vulnerability
Moderate. CVE-2023-22888 was published for apache-airflow (pip) on Jul 12, 2023.

Apache Airflow Improper Input Validation vulnerability
Moderate. CVE-2023-36543 was published for apache-airflow (pip) on Jul 12, 2023.

Apache Libcloud vulnerable to certificate impersonation
Moderate. CVE-2012-3446 was published for apache-libcloud (pip) on May 17, 2022.

Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible
Moderate. CVE-2019-14905 was published for ansible (pip) on Apr 20, 2021.

Ansible password prompts could expose passwords
Moderate. CVE-2019-10206 was published for ansible (pip) on May 24, 2022.

aiohttp's ClientSession is vulnerable to CRLF injection via version
Moderate. CVE-2023-49081 was published for aiohttp (pip) on Nov 27, 2023.

aiohttp's ClientSession is vulnerable to CRLF injection via method
Moderate. CVE-2023-49082 was published for aiohttp (pip) on Nov 27, 2023.

Improper Input Validation in ansible
Moderate. CVE-2016-8647 was published for ansible (pip) on Oct 10, 2018.

Segmentation fault in tensorflow-lite
Moderate. CVE-2020-15210 was published for tensorflow (pip) on Sep 25, 2020.

Apache Superset server arbitrary file read
Moderate. CVE-2024-34693 was published for apache-superset (pip) on Jun 20, 2024.

vyper performs double eval of the slice start/length args in certain cases
Moderate. CVE-2024-32646 was published for vyper (pip) on Apr 25, 2024.

vyper performs incorrect topic logging in raw_log
Moderate. CVE-2024-32645 was published for vyper (pip) on Apr 25, 2024.

Arbitrary file deletion in litellm
Moderate. CVE-2024-4888 was published for litellm (pip) on Jun 6, 2024.

Microsoft Common Data Model SDK Denial of Service Vulnerability
Moderate. CVE-2023-36566 was published for Microsoft.CommonDataModel.ObjectModel (Maven) on Oct 10, 2023.

OpenStack Identity (Keystone) Denial of Service
Moderate. CVE-2013-2014 was published for keystone (pip) on May 13, 2022.

Policies not properly enforced in bluemonday
Moderate. CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) on Oct 19, 2021.

OpenStack Compute (Nova) Improper Input Validation
Moderate. CVE-2012-2654 was published for nova (pip) on May 17, 2022.

ProTip! Advisories are also available from the GraphQL API.