Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,511 advisories

Loading
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption High
CVE-2023-48056 was published for pypinksign (pip) Nov 16, 2023
Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity Verification High
CVE-2023-48224 was published for ethyca-fides (pip) Nov 16, 2023
RobertKeyser
vantage6-server node accepts non-whitelisted algorithms from malicious server High
CVE-2023-47631 was published for vantage6-node (pip) Nov 14, 2023
Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task High
CVE-2023-47117 was published for label-studio (pip) Nov 14, 2023
alex-elttam
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack High
CVE-2023-47163 was published for remarshal (pip) Nov 13, 2023
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2023-42781 was published for apache-airflow (pip) Nov 12, 2023
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
esptool allows attackers to view sensitive information via weak cryptographic algorithm High
CVE-2023-46894 was published for esptool (pip) Nov 9, 2023
Django Denial-of-service in django.utils.text.Truncator High
CVE-2023-43665 was published for Django (pip) Nov 3, 2023
Pillow Denial of Service vulnerability High
CVE-2023-44271 was published for pillow (pip) Nov 3, 2023
Django potential denial of service vulnerability in UsernameField on Windows High
CVE-2023-46695 was published for Django (pip) Nov 2, 2023
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability High
CVE-2023-46215 was published for apache-airflow (pip) Oct 28, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload High
CVE-2023-46124 was published for ethyca-fides (pip) Oct 24, 2023
grmpyninja
Langchain Server-Side Request Forgery vulnerability High
CVE-2023-32786 was published for langchain (pip) Oct 21, 2023
eyurtsev
PDM Trojan Lockfile High
CVE-2023-45805 was published for pdm (pip) Oct 20, 2023
wayphinder
modoboa Cross-site Scripting vulnerability High
CVE-2023-5689 was published for modoboa (pip) Oct 20, 2023
Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context High
CVE-2023-45815 was published for archivebox (pip) Oct 19, 2023
LangChain Server Side Request Forgery vulnerability High
CVE-2023-46229 was published for langchain (pip) Oct 19, 2023
Pickle serialization vulnerable to Deserialization of Untrusted Data High
CVE-2023-23930 was published for vantage6 (pip) Oct 13, 2023
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine High
CVE-2023-41047 was published for OctoPrint (pip) Oct 10, 2023
rggu2zr
Bundled libwebp in pywebp vulnerable High
GHSA-f9pm-4g9p-6vm3 was published for webp (pip) Oct 6, 2023
SCH227
NI MeasurementLink Python Services Improper Access Restriction vulnerability High
CVE-2023-4570 was published for ni-measurementlink-service (pip) Oct 5, 2023
Bundled libwebp in imagecodecs vulnerable High
GHSA-94vc-p8w7-5p49 was published for imagecodecs (pip) Oct 5, 2023
Duplicate Advisory: Bundled libwebp in Pillow vulnerable High
GHSA-56pw-mpj4-fxww was published for pillow (pip) Oct 5, 2023 withdrawn
dsten56
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database