GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,305 advisories
Filter by severity
autogluon.multimodal vulnerable to unsafe YAML deserialization
High
GHSA-6h2x-4gjf-jc5w
was published
for
autogluon.multimodal
(pip)
Sep 21, 2022
django-sendfile2 before 0.7.0 contains reflected file download vulnerability
High
GHSA-pcjh-6r5h-r92r
was published
for
django-sendfile2
(pip)
Aug 11, 2022
Phoenix-ws source code and data in extensions folder is publicly available
High
GHSA-c8f7-x2g7-7fxj
was published
for
phoenix-ws
(pip)
Jun 2, 2022
High severity vulnerability that affects indico
High
GHSA-67cx-rhhq-mfhq
was published
for
indico
(pip)
Oct 11, 2019
Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs
High
GHSA-r82c-j4mq-5xfw
was published
for
bitlyshortener
(pip)
Oct 27, 2020
Storage corruption due to variables overwritten by re-entrancy locks
High
GHSA-7f92-rr6w-cq64
was published
for
vyper
(pip)
Aug 5, 2021
Unauthorized access through URL manipulation
High
GHSA-qrmm-w4v4-q7f8
was published
for
docassemble
(pip)
May 6, 2021
Out-of-bounds Read in OpenCV
High
CVE-2017-18009
was published
for
opencv-contrib-python
(pip)
Oct 12, 2021
Denial of Service in OpenCV
High
CVE-2017-12602
was published
for
opencv-contrib-python
(pip)
Oct 12, 2021
Denial of Service in OpenCV
High
CVE-2017-12600
was published
for
opencv-contrib-python
(pip)
Oct 12, 2021
Improper Validation of Integrity Check Value in TensorFlow
High
GHSA-43q8-3fv7-pr5x
was published
for
tensorflow
(pip)
Feb 9, 2022
Server crash if running Python 3.10 w/ Sanic 20.12
High
GHSA-7p79-6x2v-5h88
was published
for
sanic
(pip)
Feb 16, 2022
Cross Site Scripting vulnerability in django-jsonform's admin form.
High
GHSA-x9jp-4w8m-4f3c
was published
for
django-jsonform
(pip)
Jun 10, 2022
XSS Vulnerability in Markdown Editor
High
GHSA-85q9-7467-r53q
was published
for
inventree
(pip)
Jun 17, 2022
Insufficient HTML Sanitization
High
GHSA-rm89-9g65-4ffr
was published
for
inventree
(pip)
Jun 17, 2022
SentinelOne impersonated via PyPI packages
High
GHSA-g86j-hwg9-77q5
was published
for
SentinelOne
(pip)
Dec 27, 2022
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
High
CVE-2022-43719
was published
for
apache-superset
(pip)
Jan 16, 2023
Improper Certificate Validation in pyload-ng
High
CVE-2023-0509
was published
for
pyload-ng
(pip)
Jan 27, 2023
Cross Site Request Forgery in mailman
High
CVE-2021-44227
was published
for
mailman
(pip)
Dec 16, 2021
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI
High
CVE-2022-25512
was published
for
FreeTAKServer-UI
(pip)
Mar 12, 2022
Allocation of Resources Without Limits or Throttling in nvflare
High
CVE-2022-21822
was published
for
nvflare
(pip)
Mar 18, 2022
Insertion of Sensitive Information into Log File in Jupyter notebook
High
CVE-2022-24757
was published
for
jupyter-server
(pip)
Mar 25, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs
High
CVE-2022-24758
was published
for
notebook
(pip)
Apr 5, 2022
ProTip!
Advisories are also available from the
GraphQL API