Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,279 advisories

Loading
autogluon.multimodal vulnerable to unsafe YAML deserialization High
GHSA-6h2x-4gjf-jc5w was published for autogluon.multimodal (pip) Sep 21, 2022
sxjscience
django-sendfile2 before 0.7.0 contains reflected file download vulnerability High
GHSA-pcjh-6r5h-r92r was published for django-sendfile2 (pip) Aug 11, 2022
moggers87 sergei-maertens
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
High severity vulnerability that affects indico High
GHSA-67cx-rhhq-mfhq was published for indico (pip) Oct 11, 2019
Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs High
GHSA-r82c-j4mq-5xfw was published for bitlyshortener (pip) Oct 27, 2020
Storage corruption due to variables overwritten by re-entrancy locks High
GHSA-7f92-rr6w-cq64 was published for vyper (pip) Aug 5, 2021
pandadefi charles-cooper
iamdefinitelyahuman
Unauthorized access through URL manipulation High
GHSA-qrmm-w4v4-q7f8 was published for docassemble (pip) May 6, 2021
jimmio
Out-of-bounds Read in OpenCV High
CVE-2017-18009 was published for opencv-contrib-python (pip) Oct 12, 2021
Denial of Service in OpenCV High
CVE-2017-12602 was published for opencv-contrib-python (pip) Oct 12, 2021
Denial of Service in OpenCV High
CVE-2017-12600 was published for opencv-contrib-python (pip) Oct 12, 2021
Improper Validation of Integrity Check Value in TensorFlow High
GHSA-43q8-3fv7-pr5x was published for tensorflow (pip) Feb 9, 2022
Server crash if running Python 3.10 w/ Sanic 20.12 High
GHSA-7p79-6x2v-5h88 was published for sanic (pip) Feb 16, 2022
prryplatypus
Incorrect Comparison in Vyper High
GHSA-7vrm-3jc8-5wwm was published for vyper (pip) Apr 4, 2022
Cross Site Scripting vulnerability in django-jsonform's admin form. High
GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) Jun 10, 2022
XSS Vulnerability in Markdown Editor High
GHSA-85q9-7467-r53q was published for inventree (pip) Jun 17, 2022
Gaurav-G2
Insufficient HTML Sanitization High
GHSA-rm89-9g65-4ffr was published for inventree (pip) Jun 17, 2022
saharshtapi
SentinelOne impersonated via PyPI packages High
GHSA-g86j-hwg9-77q5 was published for SentinelOne (pip) Dec 27, 2022
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
Improper Certificate Validation in pyload-ng High
CVE-2023-0509 was published for pyload-ng (pip) Jan 27, 2023
Cross Site Request Forgery in mailman High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI High
CVE-2022-25512 was published for FreeTAKServer-UI (pip) Mar 12, 2022
Allocation of Resources Without Limits or Throttling in nvflare High
CVE-2022-21822 was published for nvflare (pip) Mar 18, 2022
Nintorac
Insertion of Sensitive Information into Log File in Jupyter notebook High
CVE-2022-24757 was published for jupyter-server (pip) Mar 25, 2022
3coins
Sensitive Auth & Cookie data stored in Jupyter server logs High
CVE-2022-24758 was published for notebook (pip) Apr 5, 2022
3coins
Integer bounds error in Vyper High
CVE-2022-24845 was published for vyper (pip) Apr 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database