GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
68 advisories
MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
High | CVE-2023-34457 was published for MechanicalSoup (pip) | Jul 5, 2023

Denial of service attack due to invalid JSON
High | CVE-2020-26890 was published for matrix-synapse (pip) | Nov 24, 2020

OpenStack Neutron Denial of Service Vulnerability
High | CVE-2018-14635 was published for neutron (pip) | May 13, 2022

Mercurial Improper Input Validation vulnerability
High | CVE-2018-13346 was published for mercurial (pip) | May 13, 2022

Mercurial Improper Input Validation vulnerability
High | CVE-2018-13348 was published for mercurial (pip) | May 13, 2022

Mercurial vulnerable to arbitrary code execution via a crafted name when converting a Git repository
High | CVE-2016-3069 was published for mercurial (pip) | May 14, 2022

Mercurial arbitrary code execution via a crafted git ext:: URL
High | CVE-2016-3068 was published for mercurial (pip) | May 14, 2022

Improper Input Validation in kdcproxy
High | CVE-2015-5159 was published for kdcproxy (pip) | Nov 1, 2018

Sydent vulnerable to denial of service attack via memory exhaustion
High | CVE-2021-29430 was published for matrix-sydent (pip) | Apr 19, 2021

Flask is vulnerable to Denial of Service via incorrect encoding of JSON data
High | CVE-2018-1000656 was published for flask (pip) | Aug 23, 2018

GitPython vulnerable to Remote Code Execution due to improper user input validation
High | CVE-2022-24439 was published for GitPython (pip) | Dec 6, 2022

FormEncode Access Restrictions Bypass
High | CVE-2008-6547 was published for FormEncode (pip) | May 17, 2022

FedMsg not properly completing message validation
High | CVE-2017-1000001 was published for FedMsg (pip) | Jul 13, 2018

feedparser denial of service vulnerability
High | CVE-2011-1156 was published for feedparser (pip) | Jul 23, 2018

Mesop has a local file Inclusion via static file serving functionality
High | CVE-2024-45601 was published for mesop (pip) | Sep 18, 2024

Django Allows Arbitrary URL Generation
High | CVE-2012-4520 was published for django (pip) | May 17, 2022

Django Vulnerable to HTTP Response Splitting Attack
High | CVE-2015-5144 was published for Django (pip) | May 17, 2022

Django Image Field Vulnerable to Image Decompression Bombs
High | CVE-2012-3443 was published for Django (pip) | May 17, 2022

Django Might Allow CSRF Requests via URL Verification
High | CVE-2011-4138 was published for Django (pip) | May 14, 2022

Improper input validation in cryptography
High | CVE-2016-9243 was published for cryptography (pip) | May 17, 2022

PyCA Cryptography vulnerable to GCM tag forgery
High | CVE-2018-10903 was published for cryptography (pip) | Jul 31, 2018

ProTip! Advisories are also available from the GraphQL API.