Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

298 advisories

Loading
Improper Restriction of XML External Entity Reference in python-docx High
CVE-2016-5851 was published for python-docx (pip) May 13, 2022
tdunlap607
Credited to tdunlap607
XML External Entity Injection in PyWPS High
CVE-2021-39371 was published for pywps (pip) Sep 2, 2021
tdunlap607
Credited to tdunlap607
Command Injection in Pygments Critical
CVE-2015-8557 was published for Pygments (pip) May 17, 2022
tdunlap607
Credited to tdunlap607
PyKMIP Denial of service vulnerability High
CVE-2018-1000872 was published for pykmip (pip) Dec 21, 2018
tdunlap607
Credited to tdunlap607
Sentry vulnerable to invite code reuse via cookie manipulation Moderate
CVE-2022-23485 was published for sentry (pip) Dec 12, 2022
tdunlap607
Credited to tdunlap607
pysaml2 Improper Authentication vulnerability Critical
CVE-2017-1000433 was published for pysaml2 (pip) Jul 13, 2018
tdunlap607
Credited to tdunlap607
PyOpenSSL Use-After-Free vulnerability High
CVE-2018-1000807 was published for pyopenssl (pip) Oct 10, 2018
tdunlap607
Credited to tdunlap607
CRLF Injection in pypiserver Moderate
CVE-2019-6802 was published for pypiserver (pip) Jan 30, 2019
tdunlap607
Credited to tdunlap607
Plone User account enumeration via crafted URL Moderate
CVE-2012-5497 was published for plone (pip) May 17, 2022
tdunlap607
Credited to tdunlap607
Out-of-bounds Read in Pillow Moderate
CVE-2022-22816 was published for Pillow (pip) Jan 12, 2022
tdunlap607
Credited to tdunlap607
Potential infinite loop in Pillow High
CVE-2021-28676 was published for Pillow (pip) Jun 8, 2021
tdunlap607
Credited to tdunlap607
Plone Code Injection vulnerability High
CVE-2012-5488 was published for Plone (pip) May 17, 2022
tdunlap607
Credited to tdunlap607
Out of bounds read in Pillow High
CVE-2021-25291 was published for Pillow (pip) Mar 29, 2021
tdunlap607 sunSUNQ
Credited to tdunlap607 and sunSUNQ
Buffer Overflow in Pillow Critical
CVE-2021-34552 was published for pillow (pip) Oct 5, 2021
tdunlap607
Credited to tdunlap607
Regular Expression Denial of Service (ReDoS) in Jinja2 Moderate
CVE-2020-28493 was published for jinja2 (pip) Mar 19, 2021
tdunlap607
Credited to tdunlap607
Cross-site Scripting in invenio-communities Moderate
CVE-2019-1020005 was published for invenio-communities (pip) Jul 16, 2019
tdunlap607
Credited to tdunlap607
Open Redirect in Flask-Security-Too Low
CVE-2021-32618 was published for Flask-Security-Too (pip) May 17, 2021
tdunlap607
Credited to tdunlap607
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data High
CVE-2018-1000656 was published for flask (pip) Aug 23, 2018
tdunlap607
Credited to tdunlap607
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks High
CVE-2021-33571 was published for Django (pip) Jun 10, 2021
tdunlap607
Credited to tdunlap607
XSS in Django Moderate
CVE-2020-13596 was published for Django (pip) Jun 5, 2020
tdunlap607
Credited to tdunlap607
Cross-site Scripting in Django Moderate
CVE-2022-22818 was published for django (pip) Feb 4, 2022
tdunlap607
Credited to tdunlap607
Infinite Loop in Django High
CVE-2022-23833 was published for Django (pip) Feb 4, 2022
tdunlap607 MarkLee131
Credited to tdunlap607 and MarkLee131
Path Traversal in Django High
CVE-2021-31542 was published for Django (pip) Jun 4, 2021
tdunlap607
Credited to tdunlap607
Uncontrolled Memory Consumption in Django High
CVE-2019-6975 was published for Django (pip) Feb 12, 2019
tdunlap607
Credited to tdunlap607
Information disclosure in Django High
CVE-2021-45116 was published for Django (pip) Jan 12, 2022
tdunlap607
Credited to tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database