GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,897 advisories

Arbitrary code using "crafted image file" approach affecting Pillow High
CVE-2016-9190 was published for Pillow (pip) Jul 12, 2018
python-fedora vulnerable to an open redirect resulting in loss of CSRF protection Moderate
CVE-2017-1002150 was published for python-fedora (pip) Jul 13, 2018
Diffoscope may write to arbitrary locations due to an untrusted archive Critical
CVE-2017-0359 was published for diffoscope (pip) Jul 13, 2018
Unsafe deserialization in confire Critical
CVE-2017-16763 was published for confire (pip) Jul 18, 2018
Directory traversal in Django Critical
CVE-2011-0698 was published for Django (pip) Jul 23, 2018
Credited to MarkLee131
Cross-site scripting in django Moderate
CVE-2011-0697 was published for Django (pip) Jul 23, 2018
Credited to sunSUNQ
PyCA Cryptography vulnerable to GCM tag forgery High
CVE-2018-10903 was published for cryptography (pip) Jul 31, 2018
Qutebrowser XSS Vulnerability Moderate
CVE-2018-1000559 was published for qutebrowser (pip) Sep 13, 2018
PyOpenSSL Use-After-Free vulnerability High
CVE-2018-1000807 was published for pyopenssl (pip) Oct 10, 2018
Credited to tdunlap607
conference-scheduler-cli Arbitrary Code Execution High
CVE-2018-14572 was published for conference-scheduler-cli (pip) Oct 29, 2018
python-gnupg vulnerable to shell injection Critical
CVE-2014-1929 was published for python-gnupg (pip) Nov 6, 2018
python-gnupg's shell_quote function does not properly escape characters High
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
python-gnupg's shell_quote function does not properly quote strings High
CVE-2014-1927 was published for python-gnupg (pip) Nov 6, 2018
Code injection in Danijar Definitions High
CVE-2018-20325 was published for definitions (pip) Dec 26, 2018
Bleach URI Scheme Restriction Bypass Critical
CVE-2018-7753 was published for bleach (pip) Jan 4, 2019
mistune Cross-site scripting (XSS) vulnerability Moderate
CVE-2017-16876 was published for mistune (pip) Jan 4, 2019
CRLF Injection in pypiserver Moderate
CVE-2019-6802 was published for pypiserver (pip) Jan 30, 2019
Credited to tdunlap607
Pylons Colander Denial of Service vulnerability High
CVE-2017-18361 was published for colander (pip) Feb 7, 2019
Credited to tdunlap607
Improper Input Validation in python-dbusmock High
CVE-2015-1326 was published for python-dbusmock (pip) Apr 23, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
Credited to klaudialax, eoftedal, and Rudloff
Code Injection in PyXDG High
CVE-2019-12761 was published for pyxdg (pip) Jun 7, 2019
Python-saml allows manipulation of SAML data without invalidation of cryptographic signature High
CVE-2017-11427 was published for python-saml (pip) Jul 5, 2019
XML Injection in python-libnmap High
CVE-2019-1010017 was published for python-libnmap (pip) Jul 18, 2019
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage High
CVE-2019-1010083 was published for flask (pip) Jul 19, 2019