Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,475 advisories

Loading
Djiblets Cross-site scripting Vulnerability via JSON Objects Moderate
CVE-2014-3994 was published for Djblets (pip) May 17, 2022
Fava vulnerable to reflected cross-site scripting Moderate
CVE-2022-2589 was published for fava (pip) Aug 2, 2022
Fava vulnerable to Reflected Cross-site Scripting Moderate
CVE-2022-2523 was published for fava (pip) Jul 26, 2022
feedparser Cross-site Scripting vulnerability Moderate
CVE-2011-1158 was published for feedparser (pip) Jul 23, 2018
Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet Moderate
CVE-2021-21419 was published for eventlet (pip) May 7, 2021
feedparser Cross-site Scripting vulnerability Moderate
CVE-2011-1157 was published for feedparser (pip) Jul 23, 2018
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2021-29621 was published for Flask-AppBuilder (pip) May 27, 2021
Fava time and filter parameters vulnerable to reflected Cross-site Scripting Moderate
CVE-2022-2514 was published for fava (pip) Jul 26, 2022
ReDoS issue in dparse Moderate
CVE-2022-39280 was published for dparse (pip) Sep 27, 2022
Elastic APM agent for Python client CGI proxy redirection flaw Moderate
CVE-2019-7617 was published for elastic-apm (pip) May 24, 2022
feedparser Cross-site Scripting vulnerability Moderate
CVE-2009-5065 was published for feedparser (pip) May 2, 2022
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2022-21659 was published for Flask-AppBuilder (pip) Feb 1, 2022
SamWheating
Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA Moderate
GHSA-2mrj-435v-c2cr was published for ecdsa (pip) Dec 2, 2019 withdrawn
Exposure of Sensitive Information in EVE-SRP Moderate
CVE-2020-36660 was published for EVE-SRP (pip) Feb 6, 2023
Django Cross-site Scripting in AdminURLFieldWidget Moderate
CVE-2019-12308 was published for Django (pip) Jun 10, 2019
sunSUNQ
Improper Input Validation in Django Moderate
CVE-2019-3498 was published for Django (pip) Jan 14, 2019
Directory Traversal in Django Moderate
CVE-2021-28658 was published for Django (pip) Apr 8, 2021
Prevent XSS from Confidant API call Moderate
CVE-2024-45793 was published for confidant (pip) Sep 20, 2024
whu-lyft meng-han
alejandroroiz achantavy heryxpc anshumanbh bstewart-lyft reindaelman
XSS in Django Moderate
CVE-2020-13596 was published for Django (pip) Jun 5, 2020
tdunlap607
Django Denial-of-service in django.utils.text.Truncator Moderate
CVE-2023-43665 was published for Django (pip) Nov 3, 2023
Django Directory Traversal via archive.extract Moderate
CVE-2021-3281 was published for django (pip) Mar 18, 2021
Cross-site Scripting in Django Moderate
CVE-2022-22818 was published for django (pip) Feb 4, 2022
tdunlap607
Path Traversal in Django Moderate
CVE-2021-33203 was published for Django (pip) Jun 10, 2021
Header injection possible in Django Moderate
CVE-2021-32052 was published for Django (pip) Jun 9, 2021
Data leakage via cache key collision in Django Moderate
CVE-2020-13254 was published for Django (pip) Jun 5, 2020
tdunlap607
ProTip! Advisories are also available from the GraphQL API