Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,332 advisories

Loading
Directory traversal outside of SENDFILE_ROOT in django-sendfile2 Moderate
GHSA-6r3c-8xf3-ggrr was published for django-sendfile2 (pip) Jun 24, 2020
gipi moggers87
Cross-Site Scripting in Wagtail Moderate
CVE-2020-15118 was published for wagtail (pip) Jul 20, 2020
acarasimon96
Client Denial of Service on TUF Moderate
CVE-2020-6173 was published for tuf (pip) Aug 21, 2020
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request Low
CVE-2020-15239 was published for xmpp-http-upload (pip) Oct 6, 2020
ChristianTacke
Memory leak in Nanopb Moderate
CVE-2020-26243 was published for nanopb (pip) Nov 25, 2020
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend Low
GHSA-47qg-q58v-7vrp was published for amundsen-frontend (pip) Dec 2, 2020
dorianj
Key Caching behavior in the DynamoDB Encryption Client. Low
GHSA-4ph2-8337-hm62 was published for dynamodb-encryption-sdk (pip) Feb 8, 2021
Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs High
GHSA-r82c-j4mq-5xfw was published for bitlyshortener (pip) Oct 27, 2020
datasette-graphql leaks details of the schema of private database files Low
GHSA-74hv-qjjq-h7g5 was published for datasette-graphql (pip) Nov 24, 2020
VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption Low
GHSA-375m-5fvv-xq23 was published for vyper (pip) Apr 19, 2021
Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration Low
GHSA-f366-4rvv-95x2 was published for cryptoauthlib (pip) Oct 2, 2020
CLI does not correctly implement strict mode Low
GHSA-2xwp-m7mq-7q3r was published for aws-encryption-sdk-cli (pip) Oct 28, 2020
Open Redirect in Flask-Security-Too Low
GHSA-gxjj-f44v-qm94 was published for Flask-Security-Too (pip) Dec 14, 2021 withdrawn
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint Moderate
GHSA-7h5v-85w9-pq6c was published for matrix-synapse (pip) May 19, 2021
Remote Code Execution via traversal in TAL expressions High
GHSA-rpcg-f9q6-2mq6 was published for Zope (pip) Jun 8, 2021
Uncontrolled Resource Consumption in pillow Moderate
GHSA-jgpv-4h4c-xhw3 was published for pillow (pip) Apr 23, 2021
Storage corruption due to variables overwritten by re-entrancy locks High
GHSA-7f92-rr6w-cq64 was published for vyper (pip) Aug 5, 2021
pandadefi charles-cooper
iamdefinitelyahuman
Remote Code Execution via traversal in TAL expressions Moderate
GHSA-5pr9-v234-jw36 was published for Zope (pip) Jun 18, 2021
CSRF Vuln can expose user's QRcode Low
GHSA-fxq4-r6mr-9x64 was published for Flask-Security-Too (pip) Apr 8, 2021
Potential API key leak Moderate
GHSA-63rq-p8fp-524q was published for sopel-modules.weather (pip) Apr 13, 2021
VVE-2021-0001: Memory corruption using function calls within arrays Moderate
GHSA-22wc-c9wj-6q2v was published for vyper (pip) Apr 19, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk Moderate
GHSA-x5h4-9gqw-942j was published for aws-encryption-sdk (pip) Jun 1, 2021
Unauthorized access through URL manipulation High
GHSA-qrmm-w4v4-q7f8 was published for docassemble (pip) May 6, 2021
jimmio
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli Moderate
GHSA-89v2-g37m-g3ff was published for aws-encryption-sdk-cli (pip) Jun 1, 2021
Improper Input Validation in OpenCV Moderate
CVE-2016-1517 was published for opencv-contrib-python (pip) Oct 12, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database