Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

68 advisories

Loading
MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form High
CVE-2023-34457 was published for MechanicalSoup (pip) Jul 5, 2023
e-c-d
Denial of service attack due to invalid JSON High
CVE-2020-26890 was published for matrix-synapse (pip) Nov 24, 2020
dkasak
OpensStack Neutron Denial of Service Vulnerability High
CVE-2018-14635 was published for neutron (pip) May 13, 2022
Mercurial Improper Input Validation vulnerability High
CVE-2018-13346 was published for mercurial (pip) May 13, 2022
Mercurial Improper Input Validation vulnerability High
CVE-2018-13348 was published for mercurial (pip) May 13, 2022
Mercurial vulnerable to arbitrary code execution via a crafted name when converting a Git repository High
CVE-2016-3069 was published for mercurial (pip) May 14, 2022
Mercurial arbitrary code execution via a crafted git ext:: URL High
CVE-2016-3068 was published for mercurial (pip) May 14, 2022
Improper Input Validation in kdcproxy High
CVE-2015-5159 was published for kdcproxy (pip) Nov 1, 2018
Sydent vulnerable to denial of service attack via memory exhaustion High
CVE-2021-29430 was published for matrix-sydent (pip) Apr 19, 2021
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data High
CVE-2018-1000656 was published for flask (pip) Aug 23, 2018
tdunlap607
GitPython vulnerable to Remote Code Execution due to improper user input validation High
CVE-2022-24439 was published for GitPython (pip) Dec 6, 2022
ad-m-ss tdunlap607
FormEncode Access Restrictions Bypass High
CVE-2008-6547 was published for FormEncode (pip) May 17, 2022
FedMsg not properly completing message validation High
CVE-2017-1000001 was published for FedMsg (pip) Jul 13, 2018
feedparser denial of service vulnerability High
CVE-2011-1156 was published for feedparser (pip) Jul 23, 2018
Information disclosure in Django High
CVE-2021-45116 was published for Django (pip) Jan 12, 2022
tdunlap607
Django Allows Open Redirects High
CVE-2014-3730 was published for Django (pip) May 14, 2022
Mesop has a local file Inclusion via static file serving functionality High
CVE-2024-45601 was published for mesop (pip) Sep 18, 2024
Letm3through
Django Allows Arbitrary URL Generation High
CVE-2012-4520 was published for django (pip) May 17, 2022
Django Vulnerable to HTTP Response Splitting Attack High
CVE-2015-5144 was published for Django (pip) May 17, 2022
sunSUNQ
Django Incorrectly Validates URLs High
CVE-2014-0480 was published for Django (pip) May 14, 2022
Django Image Field Vulnerable to Image Decompression Bombs High
CVE-2012-3443 was published for Django (pip) May 17, 2022
Django Vulnerable to Cache Poisoning High
CVE-2011-4139 was published for Django (pip) May 14, 2022
Django Might Allow CSRF Requests via URL Verification High
CVE-2011-4138 was published for Django (pip) May 14, 2022
Improper input validation in cryptography High
CVE-2016-9243 was published for cryptography (pip) May 17, 2022
jhutchings1
PyCA Cryptography vulnerable to GCM tag forgery High
CVE-2018-10903 was published for cryptography (pip) Jul 31, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database