GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,247
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
1,477 advisories
Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet
Moderate • CVE-2021-21419 was published for eventlet (pip) • May 7, 2021

feedparser Cross-site Scripting vulnerability
Moderate • CVE-2011-1157 was published for feedparser (pip) • Jul 23, 2018

Observable Response Discrepancy in Flask-AppBuilder
Moderate • CVE-2021-29621 was published for Flask-AppBuilder (pip) • May 27, 2021

Fava time and filter parameters vulnerable to reflected Cross-site Scripting
Moderate • CVE-2022-2514 was published for fava (pip) • Jul 26, 2022

Elastic APM agent for Python client CGI proxy redirection flaw
Moderate • CVE-2019-7617 was published for elastic-apm (pip) • May 24, 2022

feedparser Cross-site Scripting vulnerability
Moderate • CVE-2009-5065 was published for feedparser (pip) • May 2, 2022

Observable Response Discrepancy in Flask-AppBuilder
Moderate • CVE-2022-21659 was published for Flask-AppBuilder (pip) • Feb 1, 2022

Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA
Moderate • GHSA-2mrj-435v-c2cr was published for ecdsa (pip) • Dec 2, 2019 • withdrawn

Exposure of Sensitive Information in EVE-SRP
Moderate • CVE-2020-36660 was published for EVE-SRP (pip) • Feb 6, 2023

Django Cross-site Scripting in AdminURLFieldWidget
Moderate • CVE-2019-12308 was published for Django (pip) • Jun 10, 2019

Improper Input Validation in Django
Moderate • CVE-2019-3498 was published for Django (pip) • Jan 14, 2019

Prevent XSS from Confidant API call
Moderate • CVE-2024-45793 was published for confidant (pip) • Sep 20, 2024

Django Denial-of-service in django.utils.text.Truncator
Moderate • CVE-2023-43665 was published for Django (pip) • Nov 3, 2023

Django Directory Traversal via archive.extract
Moderate • CVE-2021-3281 was published for django (pip) • Mar 18, 2021

Header injection possible in Django
Moderate • CVE-2021-32052 was published for Django (pip) • Jun 9, 2021

Data leakage via cache key collision in Django
Moderate • CVE-2020-13254 was published for Django (pip) • Jun 5, 2020

Django Denial of service vulnerability in django.utils.encoding.uri_to_iri
Moderate • CVE-2023-41164 was published for django (pip) • Nov 3, 2023

Django denial-of-service attack in the intcomma template filter
Moderate • CVE-2024-24680 was published for Django (pip) • Feb 7, 2024

Django allows unintended model editing
Moderate • CVE-2019-19118 was published for Django (pip) • Dec 4, 2019

Cross-site Scripting (XSS) in Django REST Framework
Moderate • CVE-2020-25626 was published for djangorestframework (pip) • Mar 19, 2021

ProTip! Advisories are also available from the GraphQL API.