Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,400 advisories

Loading
jwcrypto token substitution can lead to authentication bypass Moderate
CVE-2022-3102 was published for jwcrypto (pip) Sep 21, 2022
mofh Vulnerable to Improper Restriction of XML External Entity Reference Moderate
GHSA-7r9x-qrpr-3cxw was published for mofh (pip) Aug 11, 2022
Vulnerable OpenSSL included in cryptography wheels Moderate
GHSA-39hc-v87j-747x was published for cryptography (pip) Nov 2, 2022
Cross-Site Scripting Moderate
GHSA-57h7-r3q3-w57j was published for djangorestframework (pip) Feb 24, 2021 withdrawn
Cross-Site Scripting Moderate
GHSA-94ww-22rx-493x was published for flower (pip) Feb 24, 2021 withdrawn
Moderate severity vulnerability that affects mailman Moderate
CVE-2018-13796 was published for mailman (pip) Sep 11, 2018
Moderate severity vulnerability that affects Products.PlonePAS Moderate
CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018
CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
Moderate severity vulnerability that affects Zope2 Moderate
CVE-2010-1104 was published for Zope2 (pip) Jul 23, 2018
Moderate severity vulnerability that affects aioxmpp Moderate
GHSA-32f7-cmr3-vpjv was published for aioxmpp (pip) Feb 7, 2019 withdrawn
Directory traversal outside of SENDFILE_ROOT in django-sendfile2 Moderate
GHSA-6r3c-8xf3-ggrr was published for django-sendfile2 (pip) Jun 24, 2020
gipi moggers87
Memory leak in Nanopb Moderate
CVE-2020-26243 was published for nanopb (pip) Nov 25, 2020
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint Moderate
GHSA-7h5v-85w9-pq6c was published for matrix-synapse (pip) May 19, 2021
Uncontrolled Resource Consumption in pillow Moderate
GHSA-jgpv-4h4c-xhw3 was published for pillow (pip) Apr 23, 2021
Potential API key leak Moderate
GHSA-63rq-p8fp-524q was published for sopel-modules.weather (pip) Apr 13, 2021
VVE-2021-0001: Memory corruption using function calls within arrays Moderate
GHSA-22wc-c9wj-6q2v was published for vyper (pip) Apr 19, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk Moderate
GHSA-x5h4-9gqw-942j was published for aws-encryption-sdk (pip) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli Moderate
GHSA-89v2-g37m-g3ff was published for aws-encryption-sdk-cli (pip) Jun 1, 2021
Out-of-bounds Write in OpenCV Moderate
CVE-2017-14136 was published for opencv-contrib-python (pip) Oct 12, 2021
Improper Input Validation in OpenCV Moderate
CVE-2016-1517 was published for opencv-contrib-python (pip) Oct 12, 2021
ReDoS in LDAP schema parser Moderate
GHSA-r8wq-qrxc-hmcm was published for python-ldap (pip) Nov 29, 2021
Invalid URL generation in bitlyshortener Moderate
GHSA-rcrv-228c-gprj was published for bitlyshortener (pip) Jan 21, 2022
Cross-site Scripting and Open Redirect in Products.CMFPlone Moderate
GHSA-8w54-22w9-3g8f was published for Products.CMFPlone (pip) Jan 28, 2022
Cross-site Scripting and Open Redirect in plone.app.contenttypes Moderate
GHSA-f7qw-5fgj-247x was published for plone.app.contenttypes (pip) Feb 1, 2022
Integer Overflow or Wraparound in TensorFlow Moderate
GHSA-wcv5-vrvr-3rx2 was published for tensorflow (pip) Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API