GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
113 advisories

Improper input validation in pyftpdlib
Moderate. CVE-2008-7264 was published for pyftpdlib (pip), May 17, 2022

Python RSA allows attackers to spoof signatures
Moderate. CVE-2016-1494 was published for rsa (pip), May 14, 2022

Arbitrary file deletion in litellm
Moderate. CVE-2024-4888 was published for litellm (pip), Jun 6, 2024

PyWBEM TOCTOU vulnerability in certificate validation
Moderate. CVE-2013-6444 was published for pywbem (pip), May 17, 2022

Username spoofing in OnionShare
Moderate. CVE-2022-21696 was published for onionshare-cli (pip), Jan 21, 2022

OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI
Moderate. CVE-2022-36087 was published for oauthlib (pip), Sep 16, 2022

SSRF in Sydent due to missing validation of hostnames
Moderate. CVE-2021-29431 was published for matrix-sydent (pip), Apr 19, 2021

Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
Moderate. CVE-2021-21393 was published for matrix-synapse (pip), Apr 13, 2021

mangadex-downloader vulnerable to unauthorized file reading
Moderate. CVE-2022-36082 was published for mangadex-downloader (pip), Sep 16, 2022

Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
Moderate. CVE-2021-21394 was published for matrix-synapse (pip), Apr 13, 2021

Malicious users could abuse Sydent to control the content of invitation emails
Moderate. CVE-2021-29432 was published for matrix-sydent (pip), Apr 19, 2021

Sydent DoS (via resource exhaustion) due to improper input validation
Moderate. CVE-2021-29433 was published for matrix-sydent (pip), Apr 16, 2021

Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
Moderate. CVE-2023-32323 was published for matrix-synapse (pip), May 24, 2023

httplib2 incorrectly checks SSL certificate
Moderate. CVE-2013-2037 was published for httplib2 (pip), May 14, 2022

Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
Moderate. CVE-2023-34239 was published for gradio (pip), Jun 9, 2023

Elastic APM agent for Python client CGI proxy redirection flaw
Moderate. CVE-2019-7617 was published for elastic-apm (pip), May 24, 2022

Improper Input Validation in Django
Moderate. CVE-2019-3498 was published for Django (pip), Jan 14, 2019

Cross-site Scripting (XSS) in Django REST Framework
Moderate. CVE-2020-25626 was published for djangorestframework (pip), Mar 19, 2021

Improper query string handling in Django
Moderate. CVE-2010-4534 was published for Django (pip), Jul 23, 2018

Apache Airflow Improper Input Validation vulnerability
Moderate. CVE-2023-22888 was published for apache-airflow (pip), Jul 12, 2023

Apache Airflow Improper Input Validation vulnerability
Moderate. CVE-2023-36543 was published for apache-airflow (pip), Jul 12, 2023

Apache Libcloud vulnerable to certificate impersonation
Moderate. CVE-2012-3446 was published for apache-libcloud (pip), May 17, 2022

Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible
Moderate. CVE-2019-14905 was published for ansible (pip), Apr 20, 2021

ProTip! Advisories are also available from the GraphQL API