Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,383 advisories

Loading
autogluon.multimodal vulnerable to unsafe YAML deserialization High
GHSA-6h2x-4gjf-jc5w was published for autogluon.multimodal (pip) Sep 21, 2022
sxjscience
jwcrypto token substitution can lead to authentication bypass Moderate
CVE-2022-3102 was published for jwcrypto (pip) Sep 21, 2022
mofh Vulnerable to Improper Restriction of XML External Entity Reference Moderate
GHSA-7r9x-qrpr-3cxw was published for mofh (pip) Aug 11, 2022
django-sendfile2 before 0.7.0 contains reflected file download vulnerability High
GHSA-pcjh-6r5h-r92r was published for django-sendfile2 (pip) Aug 11, 2022
moggers87 sergei-maertens
Vulnerable OpenSSL included in cryptography wheels Moderate
GHSA-39hc-v87j-747x was published for cryptography (pip) Nov 2, 2022
Package discontinued because Bitly lowered the free quota Low
GHSA-ggrh-grj3-vfvw was published for bitlyshortener (pip) Nov 28, 2022
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
Cross-Site Scripting Moderate
GHSA-57h7-r3q3-w57j was published for djangorestframework (pip) Feb 24, 2021 withdrawn
Cross-Site Scripting Moderate
GHSA-94ww-22rx-493x was published for flower (pip) Feb 24, 2021 withdrawn
Timing attack Low
GHSA-xm8r-5wh6-f46f was published for autobahn (pip) Feb 24, 2021 withdrawn
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used Low
GHSA-mr6r-mvw4-736g was published for vyper (pip) Mar 25, 2020
montyly
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode Low
GHSA-xf83-q765-xm6m was published for tensorflow (pip) Nov 21, 2022
`CHECK` failure in `SobolSample` via missing validation Low
GHSA-cqvq-fvhr-v6hc was published for tensorflow (pip) Nov 21, 2022
High severity vulnerability that affects indico High
GHSA-67cx-rhhq-mfhq was published for indico (pip) Oct 11, 2019
Moderate severity vulnerability that affects mailman Moderate
CVE-2018-13796 was published for mailman (pip) Sep 11, 2018
Moderate severity vulnerability that affects Products.PlonePAS Moderate
CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018
CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
Moderate severity vulnerability that affects Zope2 Moderate
CVE-2010-1104 was published for Zope2 (pip) Jul 23, 2018
Moderate severity vulnerability that affects aioxmpp Moderate
GHSA-32f7-cmr3-vpjv was published for aioxmpp (pip) Feb 7, 2019 withdrawn
Directory traversal outside of SENDFILE_ROOT in django-sendfile2 Moderate
GHSA-6r3c-8xf3-ggrr was published for django-sendfile2 (pip) Jun 24, 2020
gipi moggers87
Memory leak in Nanopb Moderate
CVE-2020-26243 was published for nanopb (pip) Nov 25, 2020
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend Low
GHSA-47qg-q58v-7vrp was published for amundsen-frontend (pip) Dec 2, 2020
dorianj
Key Caching behavior in the DynamoDB Encryption Client. Low
GHSA-4ph2-8337-hm62 was published for dynamodb-encryption-sdk (pip) Feb 8, 2021
Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs High
GHSA-r82c-j4mq-5xfw was published for bitlyshortener (pip) Oct 27, 2020
datasette-graphql leaks details of the schema of private database files Low
GHSA-74hv-qjjq-h7g5 was published for datasette-graphql (pip) Nov 24, 2020
ProTip! Advisories are also available from the GraphQL API