Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages High
CVE-2025-7346 was published for pyload-ng (pip) Jul 8, 2025
PinkDraconian
OctoPrint Authenticated Reverse Proxy Page Authentication Bypass Moderate
CVE-2025-32788 was published for octoprint (pip) Apr 22, 2025
jacopotediosi
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled High
CVE-2024-32977 was published for OctoPrint (pip) May 14, 2024
jacopotediosi
pretix potential IP address spoofing vulnerability Moderate
CVE-2023-44463 was published for pretix (pip) Oct 2, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes Low
CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023
W0rty numacanedo
tomakehurst Mahoney oleg-nenashev
python-jwt vulnerable to token forgery with new claims Critical
CVE-2022-39227 was published for python-jwt (pip) Sep 21, 2022
TomTervoort
Django WSGI Header Spoofing Vulnerability Moderate
CVE-2015-0219 was published for Django (pip) May 17, 2022
Verification check bypass in Gate One Moderate
CVE-2020-19003 was published for gateone (pip) Oct 12, 2021
Implementation trusts the "me" field returned by the authorization server without verifying it Critical
GHSA-mjcr-rqjg-rhg3 was published for datasette-indieauth (pip) Nov 24, 2020
2FA bypass in Wagtail through new device path Moderate
CVE-2019-16766 was published for wagtail-2fa (pip) Nov 29, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database