GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,094 advisories
Filter by severity
Refuel Autolab Eval Injection vulnerability
High
CVE-2024-27321
was published
for
refuel-autolabel
(pip)
Sep 12, 2024
GitPython vulnerable to Remote Code Execution due to improper user input validation
High
CVE-2022-24439
was published
for
GitPython
(pip)
Dec 6, 2022
Regular Expression Denial of Service in flask-restx
High
CVE-2021-32838
was published
for
flask-restx
(pip)
Sep 8, 2021
FormEncode Access Restrictions Bypass
High
CVE-2008-6547
was published
for
FormEncode
(pip)
May 17, 2022
Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header
High
CVE-2023-30861
was published
for
flask
(pip)
May 1, 2023
CSRF can expose users authentication token
High
CVE-2021-21241
was published
for
Flask-Security-Too
(pip)
Jan 11, 2021
Improper Authentication in Flask-AppBuilder
High
CVE-2021-41265
was published
for
Flask-AppBuilder
(pip)
Dec 9, 2021
FedMsg not properly completing message validation
High
CVE-2017-1000001
was published
for
FedMsg
(pip)
Jul 13, 2018
Flask-AppBuilder Open Redirect vulnerability
High
CVE-2021-32805
was published
for
Flask-AppBuilder
(pip)
Sep 8, 2021
feedparser denial of service vulnerability
High
CVE-2011-1156
was published
for
feedparser
(pip)
Jul 23, 2018
Cross-Site Request Forgery (CSRF) in FastAPI
High
CVE-2021-32677
was published
for
fastapi
(pip)
Jun 10, 2021
feedparser denial of service vulnerability
High
CVE-2012-2921
was published
for
feedparser
(pip)
Jul 24, 2018
Improper Verification of Cryptographic Signature in fastecdsa
High
CVE-2020-12607
was published
for
fastecdsa
(pip)
Oct 12, 2021
Elixir can leak information due to weak use of crypto
High
CVE-2012-2146
was published
for
Elixir
(pip)
May 17, 2022
ecdsa Denial of Service vulnerability in signature verification and signature malleability
High
CVE-2019-14853
was published
for
ecdsa
(pip)
Oct 8, 2019
Django Denial-of-service in strip_tags()
High
CVE-2019-14233
was published
for
Django
(pip)
Aug 6, 2019
Django Denial-of-service in django.utils.text.Truncator
High
CVE-2019-14232
was published
for
Django
(pip)
Aug 6, 2019
Django potential denial of service vulnerability in UsernameField on Windows
High
CVE-2023-46695
was published
for
Django
(pip)
Nov 2, 2023
Django has regular expression denial of service vulnerability in EmailValidator/URLValidator
High
CVE-2023-36053
was published
for
Django
(pip)
Jul 3, 2023
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
High
CVE-2021-33571
was published
for
Django
(pip)
Jun 10, 2021
Potential bypass of an upstream access control based on URL paths in Django
High
CVE-2021-44420
was published
for
Django
(pip)
Dec 9, 2021
ProTip!
Advisories are also available from the
GraphQL API