Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

413 advisories

Loading
Paramiko not properly checking authentication before processing other requests Critical
CVE-2018-7750 was published for paramiko (pip) Jul 12, 2018
Eve allows execution of arbitrary code Critical
CVE-2018-8097 was published for eve (pip) Jul 12, 2018
Koji hub call does not perform correct access checks Critical
CVE-2018-1002150 was published for koji (pip) Jul 12, 2018
Django-Anymail prone to a timing attack Critical
CVE-2018-6596 was published for django-anymail (pip) Jul 12, 2018
django_make_app is vulnerable to Code Injection Critical
CVE-2017-16764 was published for django_make_app (pip) Jul 13, 2018
Unsafe deserialization in MLAlchemy Critical
CVE-2017-16615 was published for MLAlchemy (pip) Jul 13, 2018
Unsafe deserialization in owlmixin Critical
CVE-2017-16618 was published for owlmixin (pip) Jul 13, 2018
pysaml2 Improper Authentication vulnerability Critical
CVE-2017-1000433 was published for pysaml2 (pip) Jul 13, 2018
tdunlap607
Diffoscope may write to arbitrary locations due to an untrusted archive Critical
CVE-2017-0359 was published for diffoscope (pip) Jul 13, 2018
Loaded Databook of Tablib prone to python insertion resulting in command execution Critical
CVE-2017-2810 was published for tablib (pip) Jul 13, 2018
Unsafe deserialization in confire Critical
CVE-2017-16763 was published for confire (pip) Jul 18, 2018
Django-piston and Django-tastypie do not properly deserialize YAML data Critical
CVE-2011-4103 was published for django-piston (pip) Jul 23, 2018
Directory traversal in Django Critical
CVE-2011-0698 was published for Django (pip) Jul 23, 2018
MarkLee131
Pillow Integer overflow in ImagingResampleHorizontal Critical
CVE-2016-4009 was published for pillow (pip) Jul 24, 2018
Code injection in rope Critical
CVE-2014-3539 was published for rope (pip) Jul 26, 2018
Mitmweb in mitmproxy allows DNS Rebinding attacks Critical
CVE-2018-14505 was published for mitmproxy (pip) Jul 31, 2018
SQL Injection in pycsw Critical
CVE-2016-8640 was published for pycsw (pip) Aug 15, 2018
Ansible fails to properly mark lookup-plugin results as unsafe Critical
CVE-2017-7481 was published for ansible (pip) Sep 6, 2018
Ansible fails to properly sanitize fact variables sent from the Ansible controller Critical
CVE-2016-8628 was published for ansible (pip) Oct 10, 2018
python-gnupg vulnerable to shell injection Critical
CVE-2014-1929 was published for python-gnupg (pip) Nov 6, 2018
Deserialization of Untrusted Data in superset Critical
CVE-2018-8021 was published for superset (pip) Nov 9, 2018
Exposure of Sensitive Information to an Unauthorized Actor in urllib3 Critical
CVE-2018-20060 was published for urllib3 (pip) Dec 12, 2018
Buffer Overflow in pycrypto Critical
CVE-2013-7459 was published for pycrypto (pip) Dec 14, 2018
Code injection in ymlref Critical
CVE-2018-20133 was published for ymlref (pip) Dec 19, 2018
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution Critical
CVE-2017-18342 was published for pyyaml (pip) Jan 4, 2019
ProTip! Advisories are also available from the GraphQL API