GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
349 advisories
Django Incorrect Default Permissions
High
CVE-2020-24584
was published
for
django
(pip)
Mar 18, 2021
Pillow Uncontrolled Resource Consumption
High
CVE-2021-27922
was published
for
Pillow
(pip)
Mar 18, 2021
Pillow Denial of Service by Uncontrolled Resource Consumption
High
CVE-2021-27921
was published
for
Pillow
(pip)
Mar 18, 2021
Pillow Denial of Service by Uncontrolled Resource Consumption
High
CVE-2021-27923
was published
for
Pillow
(pip)
Mar 18, 2021
XML External Entity (XXE) Injection in Jackson Databind
High
CVE-2020-25649
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Feb 18, 2021
Deserialization of untrusted data in jackson-databind
High
CVE-2021-20190
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 20, 2021
SSRF vulnerability in Arache Airflow
Moderate
CVE-2020-17513
was published
for
apache-airflow
(pip)
Dec 17, 2020
Insecure default config of Celery worker in Apache Airflow
Critical
CVE-2020-11982
was published
for
apache-airflow
(pip)
Jul 27, 2020
Remote code execution in Apache Airflow
High
CVE-2020-11978
was published
for
apache-airflow
(pip)
Jul 27, 2020
Command injection via Celery broker in Apache Airflow
Critical
CVE-2020-11981
was published
for
apache-airflow
(pip)
Jul 27, 2020
Deserialization of Untrusted Data in jackson-databind
High
CVE-2018-5968
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 30, 2020
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14060
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14195
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
Deserialization of Untrusted Data
High
CVE-2018-12023
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 15, 2020
Apache ActiveMQ webconsole admin GUI is open to XSS
Moderate
CVE-2020-1941
was published
for
org.apache.activemq:activemq-web-console
(Maven)
May 21, 2020
Potential remote code execution in Apache Tomcat
High
CVE-2020-9484
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 21, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
Critical
CVE-2020-9548
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-10968
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-11113
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-11620
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-10672
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
ProTip!
Advisories are also available from the
GraphQL API