GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,479 advisories
Improper Neutralization of Input During Web Page Generation in html5lib
Moderate | CVE-2016-9909 was published for html5lib (pip) | May 17, 2022

Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
Moderate | CVE-2023-34239 was published for gradio (pip) | Jun 9, 2023

Home Assistant vulnerable to account takeover via auth_callback login
Moderate | CVE-2023-41893 was published for homeassistant (pip) | Oct 26, 2023

Potential Captcha Validate Bypass in flask-session-captcha
Moderate | CVE-2022-24880 was published for flask-session-captcha (pip) | Apr 26, 2022

Verification check bypass in Gate One
Moderate | CVE-2020-19003 was published for gateone (pip) | Oct 12, 2021

XML External Entity Reference in Glances
Moderate | CVE-2021-23418 was published for Glances (pip) | Aug 9, 2021

GitPython blind local file inclusion
Moderate | CVE-2023-41040 was published for GitPython (pip) | Aug 30, 2023

Open redirect in Flask-Unchained
Moderate | CVE-2021-23393 was published for Flask-Unchained (pip) | Jun 15, 2021

D-Tale Command Execution Vulnerability
Moderate | CVE-2024-8862 was published for dtale (pip) | Sep 16, 2024

Aim Stored XSS through TEXT EXPLORER
Moderate | CVE-2024-8863 was published for aim (pip) | Sep 16, 2024

FreeIPA logs passwords embedded in commands in calls using batch
Moderate | CVE-2019-10195 was published for freeipa (pip) | May 24, 2022

Open redirect vulnerability in Flask-Security-Too
Moderate | CVE-2023-49438 was published for Flask-Security-Too (pip) | Dec 27, 2023

Flask-Admin Cross-site Scripting vulnerability
Moderate | CVE-2018-16516 was published for flask-admin (pip) | Dec 19, 2018

Feedgen Vulnerable to XML Denial of Service Attacks
Moderate | CVE-2020-5227 was published for feedgen (pip) | Jan 28, 2020

Djblets Cross-site scripting Vulnerability via JSON Objects
Moderate | CVE-2014-3994 was published for Djblets (pip) | May 17, 2022

Fava vulnerable to reflected cross-site scripting
Moderate | CVE-2022-2589 was published for fava (pip) | Aug 2, 2022

Fava vulnerable to Reflected Cross-site Scripting
Moderate | CVE-2022-2523 was published for fava (pip) | Jul 26, 2022

feedparser Cross-site Scripting vulnerability
Moderate | CVE-2011-1158 was published for feedparser (pip) | Jul 23, 2018

Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet
Moderate | CVE-2021-21419 was published for eventlet (pip) | May 7, 2021

feedparser Cross-site Scripting vulnerability
Moderate | CVE-2011-1157 was published for feedparser (pip) | Jul 23, 2018

Observable Response Discrepancy in Flask-AppBuilder
Moderate | CVE-2021-29621 was published for Flask-AppBuilder (pip) | May 27, 2021

Fava time and filter parameters vulnerable to reflected Cross-site Scripting
Moderate | CVE-2022-2514 was published for fava (pip) | Jul 26, 2022

Elastic APM agent for Python client CGI proxy redirection flaw
Moderate | CVE-2019-7617 was published for elastic-apm (pip) | May 24, 2022
ProTip! Advisories are also available from the GraphQL API.