Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,825
Erlang
36
GitHub Actions
32
Go
2,417
Maven
5,000+
npm
4,054
NuGet
723
pip
3,845
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,482 advisories

Loading
PyKMIP Denial of service vulnerability High
CVE-2018-1000872 was published for pykmip (pip) Dec 21, 2018
tdunlap607
aiohttp-session creates non-expiring sessions High
CVE-2018-1000814 was published for aiohttp-session (pip) Dec 20, 2018
Cross-Site Request Forgery (CSRF) in Luigi High
CVE-2018-1000843 was published for luigi (pip) Dec 20, 2018
Session Fixation in Tryton High
CVE-2018-19443 was published for tryton (pip) Nov 29, 2018
Py-EVM is vulnerable to arbitrary bytecode injection High
CVE-2018-18920 was published for py-evm (pip) Nov 21, 2018
Apache Spark Deserialization of Untrusted Data vulnerability High
CVE-2017-12612 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
python-gnupg's shell_quote function does not properly quote strings High
CVE-2014-1927 was published for python-gnupg (pip) Nov 6, 2018
python-gnupg allows context-dependent attackers to execute arbitrary commands via shell metacharacters High
CVE-2013-7323 was published for python-gnupg (pip) Nov 6, 2018
python-gnupg's shell_quote function does not properly escape characters High
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
Improper Input Validation in kdcproxy High
CVE-2015-5159 was published for kdcproxy (pip) Nov 1, 2018
Insufficiently Protected Credentials in Requests High
CVE-2018-18074 was published for requests (pip) Oct 29, 2018
conference-scheduler-cli Arbitrary Code Execution High
CVE-2018-14572 was published for conference-scheduler-cli (pip) Oct 29, 2018
Ansible does not verify that the server hostname matches a domain name in certificates High
CVE-2015-3908 was published for ansible (pip) Oct 10, 2018
Link Following in ansible High
CVE-2016-3096 was published for ansible (pip) Oct 10, 2018
Ansible apt_key module does not properly verify key fingerprint High
CVE-2016-8614 was published for ansible (pip) Oct 10, 2018
Ansible exposes sensitive data in log files and on the terminal High
CVE-2018-10855 was published for ansible (pip) Oct 10, 2018
PyOpenSSL Use-After-Free vulnerability High
CVE-2018-1000807 was published for pyopenssl (pip) Oct 10, 2018
tdunlap607
Pyopenssl Incorrect Memory Management High
CVE-2018-1000808 was published for pyopenssl (pip) Oct 10, 2018
Paramiko Authentication Bypass vulnerability High
CVE-2018-1000805 was published for paramiko (pip) Oct 10, 2018
Qutebrowser CSRF Vulnerability High
CVE-2018-10895 was published for qutebrowser (pip) Oct 10, 2018
Django vulnerable to information leakage in AuthenticationForm High
CVE-2018-6188 was published for Django (pip) Oct 3, 2018
MarkLee131
websockets is vulnerable to denial of service by memory exhaustion High
CVE-2018-1000518 was published for websockets (pip) Sep 17, 2018
ericwb
Topydo Improper Input Validation vulnerability High
CVE-2018-1000523 was published for topydo (pip) Sep 13, 2018
aiohttp-session Session Fixation vulnerability High
CVE-2018-1000519 was published for aiohttp-session (pip) Sep 13, 2018
PyCryptodome integer overflow vulnerability High
CVE-2018-15560 was published for pycryptodome (pip) Aug 27, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database