Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

59 advisories

Loading
Django contains Uncontrolled Resource Consumption via cached header High
CVE-2023-23969 was published for django (pip) Feb 1, 2023
MarkLee131
Infinite Loop in Django High
CVE-2022-23833 was published for Django (pip) Feb 4, 2022
tdunlap607 MarkLee131
Django Reuses Cached CSRF Token High
CVE-2014-0473 was published for Django (pip) May 17, 2022
MarkLee131
Django database denial-of-service with ModelMultipleChoiceField High
CVE-2015-0222 was published for Django (pip) May 17, 2022
MarkLee131
Django vulnerable to information leakage in AuthenticationForm High
CVE-2018-6188 was published for Django (pip) Oct 3, 2018
MarkLee131
Django CSRF Protection Bypass High
CVE-2016-7401 was published for django (pip) May 14, 2022
MarkLee131
Django DNS Rebinding Vulnerability High
CVE-2016-9014 was published for Django (pip) May 17, 2022
MarkLee131
Django Denial-of-service possibility with strip_tags High
CVE-2015-2316 was published for Django (pip) May 14, 2022
MarkLee131
Django Denial-of-service by filling session store High
CVE-2015-5143 was published for Django (pip) Jul 5, 2019
MarkLee131
Denial of service in django High
CVE-2011-4137 was published for Django (pip) Jul 23, 2018
MarkLee131
Django cross-site request forgery (CSRF) vulnerability High
CVE-2008-3909 was published for django (pip) May 2, 2022
MarkLee131
Cross-site request forgery in Django High
CVE-2011-0696 was published for Django (pip) Jul 23, 2018
MarkLee131
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue High
CVE-2019-12331 was published for phpoffice/phpspreadsheet (Composer) Nov 20, 2019
MarkLee131
XXE in PHPSpreadsheet due to encoding issue High
CVE-2018-19277 was published for phpoffice/phpspreadsheet (Composer) Nov 20, 2019
MarkLee131
RDF4J vulnerable to zip slip High
CVE-2018-20227 was published for org.eclipse.rdf4j:rdf4j (Maven) May 14, 2022
MarkLee131
Django Arbitrary Code Execution High
CVE-2007-0404 was published for Django (pip) May 1, 2022
MarkLee131
High severity vulnerability that affects io.vertx:vertx-web High
CVE-2018-12540 was published for io.vertx:vertx-web (Maven) Oct 17, 2018
MarkLee131
Apache Geode vulnerable to Incorrect Authorization High
CVE-2017-15695 was published for org.apache.geode:geode-core (Maven) May 13, 2022
MarkLee131
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML High
CVE-2013-4221 was published for org.restlet.jse:org.restlet (Maven) May 17, 2022
MarkLee131
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass High
CVE-2018-1258 was published for org.springframework:spring-core (Maven) Oct 17, 2018
MarkLee131 sunSUNQ
Spring Security vulnerable to Authorization Bypass High
CVE-2018-15801 was published for org.springframework.security:spring-security-core (Maven) Dec 20, 2018
MarkLee131 sunSUNQ
Apache Geronimo Application Server multiple directory traversal vulnerabilities High
CVE-2008-5518 was published for org.apache.geronimo.plugins:console (Maven) May 14, 2022
MarkLee131
Commons FileUpload Denial of service vulnerability High
CVE-2014-0050 was published for commons-fileupload:commons-fileupload (Maven) Dec 21, 2018
MarkLee131
Improper certificate validation in org.apache.httpcomponents:httpclient High
CVE-2012-6153 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
MarkLee131
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1 High
CVE-2013-1777 was published for org.apache.geronimo.framework:geronimo-jmx-remoting (Maven) May 17, 2022
westonsteimel MarkLee131
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database