GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,475 advisories
Filter by severity
Djiblets Cross-site scripting Vulnerability via JSON Objects
Moderate
CVE-2014-3994
was published
for
Djblets
(pip)
May 17, 2022
Fava vulnerable to reflected cross-site scripting
Moderate
CVE-2022-2589
was published
for
fava
(pip)
Aug 2, 2022
Fava vulnerable to Reflected Cross-site Scripting
Moderate
CVE-2022-2523
was published
for
fava
(pip)
Jul 26, 2022
feedparser Cross-site Scripting vulnerability
Moderate
CVE-2011-1158
was published
for
feedparser
(pip)
Jul 23, 2018
Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet
Moderate
CVE-2021-21419
was published
for
eventlet
(pip)
May 7, 2021
feedparser Cross-site Scripting vulnerability
Moderate
CVE-2011-1157
was published
for
feedparser
(pip)
Jul 23, 2018
Observable Response Discrepancy in Flask-AppBuilder
Moderate
CVE-2021-29621
was published
for
Flask-AppBuilder
(pip)
May 27, 2021
Fava time and filter parameters vulnerable to reflected Cross-site Scripting
Moderate
CVE-2022-2514
was published
for
fava
(pip)
Jul 26, 2022
Elastic APM agent for Python client CGI proxy redirection flaw
Moderate
CVE-2019-7617
was published
for
elastic-apm
(pip)
May 24, 2022
feedparser Cross-site Scripting vulnerability
Moderate
CVE-2009-5065
was published
for
feedparser
(pip)
May 2, 2022
Observable Response Discrepancy in Flask-AppBuilder
Moderate
CVE-2022-21659
was published
for
Flask-AppBuilder
(pip)
Feb 1, 2022
Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA
Moderate
GHSA-2mrj-435v-c2cr
was published
for
ecdsa
(pip)
Dec 2, 2019
•
withdrawn
Exposure of Sensitive Information in EVE-SRP
Moderate
CVE-2020-36660
was published
for
EVE-SRP
(pip)
Feb 6, 2023
Django Cross-site Scripting in AdminURLFieldWidget
Moderate
CVE-2019-12308
was published
for
Django
(pip)
Jun 10, 2019
Improper Input Validation in Django
Moderate
CVE-2019-3498
was published
for
Django
(pip)
Jan 14, 2019
Prevent XSS from Confidant API call
Moderate
CVE-2024-45793
was published
for
confidant
(pip)
Sep 20, 2024
Django Denial-of-service in django.utils.text.Truncator
Moderate
CVE-2023-43665
was published
for
Django
(pip)
Nov 3, 2023
Django Directory Traversal via archive.extract
Moderate
CVE-2021-3281
was published
for
django
(pip)
Mar 18, 2021
Header injection possible in Django
Moderate
CVE-2021-32052
was published
for
Django
(pip)
Jun 9, 2021
Data leakage via cache key collision in Django
Moderate
CVE-2020-13254
was published
for
Django
(pip)
Jun 5, 2020
ProTip!
Advisories are also available from the
GraphQL API