GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,663 advisories

markdown2 is vulnerable to cross-site scripting
Moderate. CVE-2018-5773 was published for markdown2 (pip) on Jul 12, 2018.

python-fedora vulnerable to an open redirect resulting in loss of CSRF protection
Moderate. CVE-2017-1002150 was published for python-fedora (pip) on Jul 13, 2018.

django-epiceditor vulnerable to XSS in form field
Moderate. CVE-2017-6591 was published for django-epiceditor (pip) on Jul 13, 2018.

Pysaml2 improperly initializes encryption vector
Moderate. CVE-2017-1000246 was published for pysaml2 (pip) on Jul 16, 2018.

Moderate severity vulnerability that affects Products.PlonePAS
Moderate. CVE-2009-0662 was published for Products.PlonePAS (pip) on Jul 23, 2018.

Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
Moderate. CVE-2011-1948 was published for Plone (pip) on Jul 23, 2018.

Moderate severity vulnerability that affects Zope2
Moderate. CVE-2010-1104 was published for Zope2 (pip) on Jul 23, 2018.

feedparser Cross-site Scripting vulnerability
Moderate. CVE-2011-1158 was published for feedparser (pip) on Jul 23, 2018.

feedparser Cross-site Scripting vulnerability
Moderate. CVE-2011-1157 was published for feedparser (pip) on Jul 23, 2018.

Plone Cross-site Scripting vulnerability
Moderate. CVE-2011-1949 was published for Plone (pip) on Jul 23, 2018.

Pillow Buffer overflow in ImagingLibTiffDecode
Moderate. CVE-2016-0740 was published for pillow (pip) on Jul 24, 2018.

mayan-edms Cross-site Scripting vulnerability
Moderate. CVE-2018-16405 was published for mayan-edms (pip) on Sep 6, 2018.

Moderate severity vulnerability that affects mayan-edms
Moderate. CVE-2018-16406 was published for mayan-edms (pip) on Sep 6, 2018.

Moderate severity vulnerability that affects mayan-edms
Moderate. CVE-2018-16407 was published for mayan-edms (pip) on Sep 6, 2018.

Moderate severity vulnerability that affects mailman
Moderate. CVE-2018-13796 was published for mailman (pip) on Sep 11, 2018.

Qutebrowser XSS Vulnerability
Moderate. CVE-2018-1000559 was published for qutebrowser (pip) on Sep 13, 2018.

Django allows unprivileged users to read the password hashes of arbitrary accounts
Moderate. CVE-2018-16984 was published for django (pip) on Oct 3, 2018.

In marshmallow library the schema "only" option treats an empty list as implying no "only" option
Moderate. CVE-2018-17175 was published for marshmallow (pip) on Oct 10, 2018.

ProTip! Advisories are also available from the GraphQL API