Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

113 advisories

Loading
Improper input validation in pyftpdlib Moderate
CVE-2008-7264 was published for pyftpdlib (pip) May 17, 2022
Python RSA allows attackers to spoof signatures Moderate
CVE-2016-1494 was published for rsa (pip) May 14, 2022
Arbitrary file deletion in litellm Moderate
CVE-2024-4888 was published for litellm (pip) Jun 6, 2024
PyWBEM TOCTOU vulnerability in certificate validation Moderate
CVE-2013-6444 was published for pywbem (pip) May 17, 2022
Username spoofing in OnionShare Moderate
CVE-2022-21696 was published for onionshare-cli (pip) Jan 21, 2022
OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI Moderate
CVE-2022-36087 was published for oauthlib (pip) Sep 16, 2022
SCH227 loljawn
SSRF in Sydent due to missing validation of hostnames Moderate
CVE-2021-29431 was published for matrix-sydent (pip) Apr 19, 2021
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints Moderate
CVE-2021-21393 was published for matrix-synapse (pip) Apr 13, 2021
mangadex-downloader vulnerable to unauthorized file reading Moderate
CVE-2022-36082 was published for mangadex-downloader (pip) Sep 16, 2022
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints Moderate
CVE-2021-21394 was published for matrix-synapse (pip) Apr 13, 2021
Malicious users could abuse Sydent to control the content of invitation emails Moderate
CVE-2021-29432 was published for matrix-sydent (pip) Apr 19, 2021
Sydent DoS (via resource exhaustion) due to improper input validation Moderate
CVE-2021-29433 was published for matrix-sydent (pip) Apr 16, 2021
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites Moderate
CVE-2023-32323 was published for matrix-synapse (pip) May 24, 2023
httplib2 incorrectly checks SSL certificate Moderate
CVE-2013-2037 was published for httplib2 (pip) May 14, 2022
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs Moderate
CVE-2023-34239 was published for gradio (pip) Jun 9, 2023
mastomii
Elastic APM agent for Python client CGI proxy redirection flaw Moderate
CVE-2019-7617 was published for elastic-apm (pip) May 24, 2022
Improper Input Validation in Django Moderate
CVE-2019-3498 was published for Django (pip) Jan 14, 2019
Cross-site Scripting (XSS) in Django REST Framework Moderate
CVE-2020-25626 was published for djangorestframework (pip) Mar 19, 2021
Improper date handling in Django Moderate
CVE-2010-4535 was published for Django (pip) Jul 23, 2018
MarkLee131
Session manipulation in Django Moderate
CVE-2011-4136 was published for Django (pip) Jul 23, 2018
MarkLee131
Improper query string handling in Django Moderate
CVE-2010-4534 was published for Django (pip) Jul 23, 2018
MarkLee131
Apache Airflow Improper Input Validation vulnerability Moderate
CVE-2023-22888 was published for apache-airflow (pip) Jul 12, 2023
Apache Airflow Improper Input Validation vulnerability Moderate
CVE-2023-36543 was published for apache-airflow (pip) Jul 12, 2023
Apache Libcloud vulnerable to certificate impersonation Moderate
CVE-2012-3446 was published for apache-libcloud (pip) May 17, 2022
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible Moderate
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database