GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,387 advisories
Filter by severity
PyKMIP Denial of service vulnerability
High
CVE-2018-1000872
was published
for
pykmip
(pip)
Dec 21, 2018
aiohttp-session creates non-expiring sessions
High
CVE-2018-1000814
was published
for
aiohttp-session
(pip)
Dec 20, 2018
Cross-Site Request Forgery (CSRF) in Luigi
High
CVE-2018-1000843
was published
for
luigi
(pip)
Dec 20, 2018
Flask-Admin Cross-site Scripting vulnerability
Moderate
CVE-2018-16516
was published
for
flask-admin
(pip)
Dec 19, 2018
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
Critical
CVE-2018-20060
was published
for
urllib3
(pip)
Dec 12, 2018
Py-EVM is vulnerable to arbitrary bytecode injection
High
CVE-2018-18920
was published
for
py-evm
(pip)
Nov 21, 2018
Jupyter Notebook XSS via directory name
Moderate
CVE-2018-19352
was published
for
notebook
(pip)
Nov 21, 2018
Jupyter Notebook XSS via untrusted notebooks
Moderate
CVE-2018-19351
was published
for
notebook
(pip)
Nov 21, 2018
High severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11
High
CVE-2017-12612
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
Deserialization of Untrusted Data in superset
Critical
CVE-2018-8021
was published
for
superset
(pip)
Nov 9, 2018
python-gnupg's shell_quote function does not properly quote strings
High
CVE-2014-1927
was published
for
python-gnupg
(pip)
Nov 6, 2018
High severity vulnerability that affects python-gnupg
High
CVE-2013-7323
was published
for
python-gnupg
(pip)
Nov 6, 2018
python-gnupg's shell_quote function does not properly escape characters
High
CVE-2014-1928
was published
for
python-gnupg
(pip)
Nov 6, 2018
python-gnupg vulnerable to shell injection
Critical
CVE-2014-1929
was published
for
python-gnupg
(pip)
Nov 6, 2018
Improper Input Validation in kdcproxy
High
CVE-2015-5159
was published
for
kdcproxy
(pip)
Nov 1, 2018
Insufficiently Protected Credentials in Requests
High
CVE-2018-18074
was published
for
requests
(pip)
Oct 29, 2018
conference-scheduler-cli Arbitrary Code Execution
High
CVE-2018-14572
was published
for
conference-scheduler-cli
(pip)
Oct 29, 2018
Ansible does not verify that the server hostname matches a domain name in certificates
High
CVE-2015-3908
was published
for
ansible
(pip)
Oct 10, 2018
Ansible fails to cache SSH host keys
Critical
CVE-2013-2233
was published
for
ansible
(pip)
Oct 10, 2018
Improper Input Validation in ansible
Moderate
CVE-2016-8647
was published
for
ansible
(pip)
Oct 10, 2018
Ansible apt_key module does not properly verify key fingerprint
High
CVE-2016-8614
was published
for
ansible
(pip)
Oct 10, 2018
ProTip!
Advisories are also available from the
GraphQL API