GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,945
Erlang
29
GitHub Actions
16
Go
1,731
Maven
4,961
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,059 advisories
Filter by severity
Pylons Colander Denial of Service vulnerability
High
CVE-2017-18361
was published
for
colander
(pip)
Feb 7, 2019
Pyspark User Impersonation Vulnerability
Moderate
CVE-2018-11760
was published
for
pyspark
(pip)
Feb 7, 2019
Improper Certificate Validation in Apache Airflow
High
CVE-2018-20245
was published
for
apache-airflow
(pip)
Jan 25, 2019
Cross-Site Request Forgery (CSRF) in Apache Airflow
High
CVE-2017-17835
was published
for
apache-airflow
(pip)
Jan 25, 2019
Apache Airflow vulnerable to XSS
Critical
CVE-2017-17836
was published
for
apache-airflow
(pip)
Jan 25, 2019
Improper Input Validation in Apache Airflow resulting in Remote Code Execution
High
CVE-2017-15720
was published
for
apache-airflow
(pip)
Jan 25, 2019
modulemd uses an unsafe function for processing externally provided data
Critical
CVE-2017-1002157
was published
for
modulemd
(pip)
Jan 17, 2019
Improper Input Validation in Django
Moderate
CVE-2019-3498
was published
for
django
(pip)
Jan 14, 2019
High severity vulnerability that affects privacyIDEA
High
CVE-2018-1000809
was published
for
privacyIDEA
(pip)
Jan 14, 2019
Django vulnerable to XSS on 500 pages
Moderate
CVE-2017-12794
was published
for
django
(pip)
Jan 4, 2019
Django Open redirect and possible XSS attack via user-supplied numeric redirect URLs
Moderate
CVE-2017-7233
was published
for
django
(pip)
Jan 4, 2019
Django Denial-of-service possibility in urlize and urlizetrunc template filters
Moderate
CVE-2018-7536
was published
for
django
(pip)
Jan 4, 2019
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
Moderate
CVE-2018-7537
was published
for
django
(pip)
Jan 4, 2019
mistune Cross-site scripting (XSS) vulnerability
Moderate
CVE-2017-16876
was published
for
mistune
(pip)
Jan 4, 2019
Bleach URI Scheme Restriction Bypass
Critical
CVE-2018-7753
was published
for
bleach
(pip)
Jan 4, 2019
Moderate severity vulnerability that affects moin
Moderate
CVE-2017-5934
was published
for
moin
(pip)
Jan 4, 2019
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution
Critical
CVE-2017-18342
was published
for
pyyaml
(pip)
Jan 4, 2019
sqla-yaml-fixtures is vulnerable to Code Injection
High
CVE-2019-3575
was published
for
sqla-yaml-fixtures
(pip)
Jan 4, 2019
Code injection in Danijar Definitions
Critical
CVE-2018-20325
was published
for
definitions
(pip)
Dec 26, 2018
PyKMIP Denial of service vulnerability
Moderate
CVE-2018-1000872
was published
for
pykmip
(pip)
Dec 21, 2018
aiohttp-session creates non-expiring sessions
Moderate
CVE-2018-1000814
was published
for
aiohttp-session
(pip)
Dec 20, 2018
ProTip!
Advisories are also available from the
GraphQL API