GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
227 advisories
Filter by severity
Improper Input Validation in Jupyter Notebook
Critical
CVE-2015-7337
was published
for
ipython
(pip)
May 17, 2022
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
Moderate
CVE-2023-34239
was published
for
gradio
(pip)
Jun 9, 2023
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data
High
CVE-2018-1000656
was published
for
flask
(pip)
Aug 23, 2018
git-big-picture Code Execution
Critical
CVE-2021-3028
was published
for
git-big-picture
(pip)
May 24, 2022
GitPython vulnerable to Remote Code Execution due to improper user input validation
High
CVE-2022-24439
was published
for
GitPython
(pip)
Dec 6, 2022
FormEncode Access Restrictions Bypass
High
CVE-2008-6547
was published
for
FormEncode
(pip)
May 17, 2022
FedMsg not properly completing message validation
High
CVE-2017-1000001
was published
for
FedMsg
(pip)
Jul 13, 2018
feedparser denial of service vulnerability
High
CVE-2011-1156
was published
for
feedparser
(pip)
Jul 23, 2018
Elastic APM agent for Python client CGI proxy redirection flaw
Moderate
CVE-2019-7617
was published
for
elastic-apm
(pip)
May 24, 2022
ReviewBoard and Djblets library are vulnerable to code execution
Critical
CVE-2013-4409
was published
for
ReviewBoard
(pip)
May 5, 2022
Improper Input Validation in Django
Moderate
CVE-2019-3498
was published
for
Django
(pip)
Jan 14, 2019
Django bypasses validation when using one form field to upload multiple files
Critical
CVE-2023-31047
was published
for
Django
(pip)
May 7, 2023
Cross-site Scripting (XSS) in Django REST Framework
Moderate
CVE-2020-25626
was published
for
djangorestframework
(pip)
Mar 19, 2021
Mesop has a local file Inclusion via static file serving functionality
High
CVE-2024-45601
was published
for
mesop
(pip)
Sep 18, 2024
Django Allows Arbitrary URL Generation
High
CVE-2012-4520
was published
for
django
(pip)
May 17, 2022
Django Vulnerable to HTTP Response Splitting Attack
High
CVE-2015-5144
was published
for
Django
(pip)
May 17, 2022
Django Image Field Vulnerable to Image Decompression Bombs
High
CVE-2012-3443
was published
for
Django
(pip)
May 17, 2022
Django-piston and Django-tastypie do not properly deserialize YAML data
Critical
CVE-2011-4103
was published
for
django-piston
(pip)
Jul 23, 2018
Improper query string handling in Django
Moderate
CVE-2010-4534
was published
for
Django
(pip)
Jul 23, 2018
ProTip!
Advisories are also available from the
GraphQL API