Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

227 advisories

Loading
Improper Input Validation in Jupyter Notebook Critical
CVE-2015-7337 was published for ipython (pip) May 17, 2022
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs Moderate
CVE-2023-34239 was published for gradio (pip) Jun 9, 2023
mastomii
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data High
CVE-2018-1000656 was published for flask (pip) Aug 23, 2018
tdunlap607
git-big-picture Code Execution Critical
CVE-2021-3028 was published for git-big-picture (pip) May 24, 2022
GitPython vulnerable to Remote Code Execution due to improper user input validation High
CVE-2022-24439 was published for GitPython (pip) Dec 6, 2022
ad-m-ss tdunlap607
FormEncode Access Restrictions Bypass High
CVE-2008-6547 was published for FormEncode (pip) May 17, 2022
FedMsg not properly completing message validation High
CVE-2017-1000001 was published for FedMsg (pip) Jul 13, 2018
feedparser denial of service vulnerability High
CVE-2011-1156 was published for feedparser (pip) Jul 23, 2018
Elastic APM agent for Python client CGI proxy redirection flaw Moderate
CVE-2019-7617 was published for elastic-apm (pip) May 24, 2022
ReviewBoard and Djblets library are vulnerable to code execution Critical
CVE-2013-4409 was published for ReviewBoard (pip) May 5, 2022
Improper Input Validation in Django Moderate
CVE-2019-3498 was published for Django (pip) Jan 14, 2019
Django bypasses validation when using one form field to upload multiple files Critical
CVE-2023-31047 was published for Django (pip) May 7, 2023
Cross-site Scripting (XSS) in Django REST Framework Moderate
CVE-2020-25626 was published for djangorestframework (pip) Mar 19, 2021
Information disclosure in Django High
CVE-2021-45116 was published for Django (pip) Jan 12, 2022
tdunlap607
Django Allows Open Redirects High
CVE-2014-3730 was published for Django (pip) May 14, 2022
Mesop has a local file Inclusion via static file serving functionality High
CVE-2024-45601 was published for mesop (pip) Sep 18, 2024
Letm3through
Django Allows Arbitrary URL Generation High
CVE-2012-4520 was published for django (pip) May 17, 2022
Django Vulnerable to HTTP Response Splitting Attack High
CVE-2015-5144 was published for Django (pip) May 17, 2022
sunSUNQ
Django Incorrectly Validates URLs High
CVE-2014-0480 was published for Django (pip) May 14, 2022
Django Image Field Vulnerable to Image Decompression Bombs High
CVE-2012-3443 was published for Django (pip) May 17, 2022
Improper date handling in Django Moderate
CVE-2010-4535 was published for Django (pip) Jul 23, 2018
MarkLee131
Session manipulation in Django Moderate
CVE-2011-4136 was published for Django (pip) Jul 23, 2018
MarkLee131
Django-piston and Django-tastypie do not properly deserialize YAML data Critical
CVE-2011-4103 was published for django-piston (pip) Jul 23, 2018
Improper query string handling in Django Moderate
CVE-2010-4534 was published for Django (pip) Jul 23, 2018
MarkLee131
Django Vulnerable to Cache Poisoning High
CVE-2011-4139 was published for Django (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API