GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, count by ecosystem:
- All reviewed: 5,000+
- Composer: 4,968
- Erlang: 39
- GitHub Actions: 38
- Go: 2,616
- Maven: 5,000+
- npm: 4,255
- NuGet: 760
- pip: 4,040
- Pub: 12
- RubyGems: 953
- Rust: 1,050
- Swift: 45

Unreviewed advisories:
- All unreviewed: 5,000+
4,040 advisories match the current filter (GitHub reviewed, pip ecosystem). The entries below are the first page of results, in the order shown; each line gives the identifier, the severity assigned by GitHub, the advisory title, the first affected package with its ecosystem, and the publication date.
- CVE-2024-8775 (High): Ansible vulnerable to Insertion of Sensitive Information into Log File. ansible-core (pip), published Sep 16, 2024.
- CVE-2023-48795 (Moderate): Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin. golang.org/x/crypto (Go), published Dec 18, 2023.
- CVE-2024-0727 (Moderate): Null pointer dereference in PKCS12 parsing. cryptography (pip), published Jan 26, 2024.
- CVE-2025-27516 (Moderate): Jinja2 vulnerable to sandbox breakout through attr filter selecting format method. Jinja2 (pip), published Mar 5, 2025.
- CVE-2024-56326 (Moderate): Jinja has a sandbox breakout through indirect reference to format method. jinja2 (pip), published Dec 23, 2024.
- CVE-2024-52304 (Moderate): aiohttp allows request smuggling due to incorrect parsing of chunk extensions. aiohttp (pip), published Nov 18, 2024.
- CVE-2024-30251 (High): aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests. aiohttp (pip), published May 3, 2024.
- CVE-2024-1681 (Moderate): flask-cors vulnerable to log injection when the log level is set to debug. flask-cors (pip), published Apr 19, 2024.
- CVE-2024-27306 (Moderate): aiohttp Cross-site Scripting vulnerability on index pages for static file handling. aiohttp (pip), published Apr 18, 2024.
- CVE-2024-23829 (Moderate): aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators. aiohttp (pip), published Jan 29, 2024.
- CVE-2024-23334 (High): aiohttp is vulnerable to directory traversal. aiohttp (pip), published Jan 29, 2024.
- CVE-2023-49081 (Moderate): aiohttp's ClientSession is vulnerable to CRLF injection via version. aiohttp (pip), published Nov 27, 2023.
- CVE-2023-49082 (Moderate): aiohttp's ClientSession is vulnerable to CRLF injection via method. aiohttp (pip), published Nov 27, 2023.
- CVE-2023-47641 (Low): Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks. aiohttp (pip), published Nov 14, 2023.
- CVE-2023-47627 (Moderate): AIOHTTP has problems in HTTP parser (the python one, not llhttp). aiohttp (pip), published Nov 14, 2023.
- CVE-2023-5752 (Moderate): Command Injection in pip when used with Mercurial. pip (pip), published Oct 25, 2023.
- CVE-2025-60787 (High): motionEye vulnerable to RCE via unsanitized motion config parameter. motioneye (pip), published Nov 3, 2025.
- GHSA-26f6-wm47-7h7j (High, withdrawn): Duplicate Advisory: motionEye vulnerable to RCE via unsanitized motion config parameter. motioneye (pip), published Oct 3, 2025.
- CVE-2025-58438 (Critical): internetarchive Vulnerable to Directory Traversal in File.download(). internetarchive (pip), published Sep 5, 2025.
- CVE-2025-57804 (Moderate): h2 allows HTTP Request Smuggling due to illegal characters in headers. h2 (pip), published Aug 25, 2025.
- CVE-2025-57833 (High): Django is subject to SQL injection through its column aliases. Django (pip), published Sep 8, 2025.
- CVE-2024-6866 (Moderate): Flask-CORS vulnerable to Improper Handling of Case Sensitivity. flask-cors (pip), published Mar 20, 2025.
- CVE-2024-6844 (Moderate): Flask-CORS allows for inconsistent CORS matching. flask-cors (pip), published Mar 20, 2025.
- CVE-2024-6839 (Moderate): Flask-CORS improper regex path matching vulnerability. flask-cors (pip), published Mar 20, 2025.
- CVE-2025-6854 (Low): Langchain-Chatchat vulnerable to path traversal. langchain-chatchat (pip), published Jun 29, 2025.
        
Advisories are also available from the GitHub GraphQL API.