GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7,498 advisories

Django Cross-Site Request Forgery vulnerability High
CVE-2011-4140 was published for Django (pip) Jul 23, 2018
Plone and Zope2 do not reseed pseudo-random number generator High
CVE-2012-6661 was published for Plone (pip) Jul 23, 2018
Cross-site request forgery in Django High
CVE-2011-0696 was published for Django (pip) Jul 23, 2018
Plone and Zope2 affected by Race Condition High
CVE-2012-5507 was published for Plone (pip) Jul 23, 2018
Plone Denial of Service vulnerability High
CVE-2011-4462 was published for Plone (pip) Jul 23, 2018
feedparser denial of service vulnerability High
CVE-2011-1156 was published for feedparser (pip) Jul 23, 2018
Kcapifony gem for Ruby places database user passwords on the command line High
CVE-2014-5001 was published for kcapifony (RubyGems) Jul 23, 2018
Denial of Service vulnerability with large JSON payloads in fastify High
CVE-2018-3711 was published for fastify (npm) Jul 18, 2018
Path Traversal in public High
CVE-2018-3731 was published for public (npm) Jul 18, 2018
Path Traversal in resolve-path High
CVE-2018-3732 was published for resolve-path (npm) Jul 18, 2018
Path Traversal in crud-file-server High
CVE-2018-3733 was published for crud-file-server (npm) Jul 18, 2018
Path Traversal in stattic High
CVE-2018-3734 was published for stattic (npm) Jul 18, 2018
Withdrawn Advisory: mariadb was malware High
CVE-2017-16046 was published for mariadb (npm) Jul 18, 2018 withdrawn
Pysaml2 does not sanitize XML responses High
CVE-2016-10149 was published for pysaml2 (pip) Jul 16, 2018
cfscrape Improper Input Validation vulnerability High
CVE-2017-7235 was published for cfscrape (pip) Jul 13, 2018
FedMsg not properly completing message validation High
CVE-2017-1000001 was published for FedMsg (pip) Jul 13, 2018
Mercurial has Incorrect Permission Assignment for Critical Resource High
CVE-2017-9462 was published for mercurial (pip) Jul 13, 2018
Code injection in ansible High
CVE-2017-2809 was published for ansible-vault (pip) Jul 13, 2018
oslo.middleware Information Disclosure vulnerability High
CVE-2017-2592 was published for oslo-middleware (pip) Jul 13, 2018
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers High
CVE-2018-1000164 was published for gunicorn (pip) Jul 12, 2018
tlslite-ng off-by-one error on mac checking High
CVE-2018-1000159 was published for tlslite-ng (pip) Jul 12, 2018
JSNAPy allows unprivileged local users to alter files under the directory High
CVE-2018-0023 was published for jsnapy (pip) Jul 12, 2018
Kotti CSRF in the local roles implementation High
CVE-2018-9856 was published for Kotti (pip) Jul 12, 2018
Pycrypto generates weak key parameters High
CVE-2018-6594 was published for pycrypto (pip) Jul 12, 2018
ProTip! Advisories are also available from the GraphQL API