Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,260 advisories

Loading
Moderate severity vulnerability that affects Plone and Zope2 Moderate
CVE-2012-5507 was published for Plone (pip) Jul 23, 2018
Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool Moderate
CVE-2011-1948 was published for Products.CMFPlone (pip) Jul 23, 2018
Plone Denial of Service vulnerability Moderate
CVE-2011-4462 was published for Plone (pip) Jul 23, 2018
Django-piston and Django-tastypie do not properly deserialize YAML data Critical
CVE-2011-4103 was published for django-piston (pip) Jul 23, 2018
feedparser denial of service vulnerability High
CVE-2011-1156 was published for feedparser (pip) Jul 23, 2018
Moderate severity vulnerability that affects Products.PlonePAS Moderate
CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018
Unsafe deserialization in confire Critical
CVE-2017-16763 was published for confire (pip) Jul 18, 2018
Pysaml2 improperly initializes encryption vector Moderate
CVE-2017-1000246 was published for pysaml2 (pip) Jul 16, 2018
zmthy
Pysaml2 does not sanitize XML responses High
CVE-2016-10149 was published for pysaml2 (pip) Jul 16, 2018
Loaded Databook of Tablib prone to python insertion resulting in command execution Critical
CVE-2017-2810 was published for tablib (pip) Jul 13, 2018
Diffoscope may write to arbitrary locations due to an untrusted archive Critical
CVE-2017-0359 was published for diffoscope (pip) Jul 13, 2018
pysaml2 Improper Authentication vulnerability High
CVE-2017-1000433 was published for pysaml2 (pip) Jul 13, 2018
tdunlap607
Unsafe deserialization in owlmixin Critical
CVE-2017-16618 was published for owlmixin (pip) Jul 13, 2018
Unsafe deserialization in MLAlchemy Critical
CVE-2017-16615 was published for MLAlchemy (pip) Jul 13, 2018
cfscrape Improper Input Validation vulnerability High
CVE-2017-7235 was published for cfscrape (pip) Jul 13, 2018
django-epiceditor vulnerable to XSS in form field Moderate
CVE-2017-6591 was published for django-epiceditor (pip) Jul 13, 2018
FedMsg not properly completing message validation High
CVE-2017-1000001 was published for FedMsg (pip) Jul 13, 2018
High severity vulnerability that affects mercurial High
CVE-2017-9462 was published for mercurial (pip) Jul 13, 2018
python-fedora vulnerable to an open redirect resulting in loss of CSRF protection Moderate
CVE-2017-1002150 was published for python-fedora (pip) Jul 13, 2018
django_make_app is vulnerable to Code Injection Critical
CVE-2017-16764 was published for django_make_app (pip) Jul 13, 2018
Code injection in ansible High
CVE-2017-2809 was published for ansible-vault (pip) Jul 13, 2018
oslo.middleware Information Disclosure vulnerability Moderate
CVE-2017-2592 was published for oslo.middleware (pip) Jul 13, 2018
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers High
CVE-2018-1000164 was published for gunicorn (pip) Jul 12, 2018
tlslite-ng off-by-one error on mac checking Moderate
CVE-2018-1000159 was published for tlslite-ng (pip) Jul 12, 2018
Django-Anymail prone to a timing attack Critical
CVE-2018-6596 was published for django-anymail (pip) Jul 12, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database