GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
397 advisories
Filter by severity
SaltStack Salt Remote command execution and incorrect access control when using salt-api
Critical
CVE-2018-15751
was published
for
salt
(pip)
May 13, 2022
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10
Critical
CVE-2019-10844
was published
for
nnabla
(pip)
May 13, 2022
Ansible Insertion of Sensitive Information into Log File vulnerability
Critical
CVE-2017-7550
was published
for
ansible
(pip)
May 13, 2022
Code-execution backdoor in marcador
Critical
CVE-2022-28470
was published
for
marcador
(pip)
May 9, 2022
Argument injection in python-libnmap
Critical
CVE-2022-30284
was published
for
python-libnmap
(pip)
May 6, 2022
Tenant and Verifier might not use the same registrar data
Critical
CVE-2022-1053
was published
for
keylime
(pip)
May 5, 2022
ReviewBoard and Djblets library are vulnerable to code execution
Critical
CVE-2013-4409
was published
for
ReviewBoard
(pip)
May 5, 2022
Improper Input Validation in httpx
Critical
CVE-2021-41945
was published
for
httpx
(pip)
Apr 29, 2022
SQL injection in apache-superset
Critical
CVE-2022-27479
was published
for
apache-superset
(pip)
Apr 14, 2022
Use of Externally-Controlled Format String in consoleme
Critical
CVE-2022-27177
was published
for
consoleme
(pip)
Apr 3, 2022
Poetry before v1.1.9 contains Untrusted Search Path
Critical
CVE-2022-26184
was published
for
poetry
(pip)
Mar 23, 2022
Insufficient Protection against HTTP Request Smuggling in mitmproxy
Critical
CVE-2022-24766
was published
for
mitmproxy
(pip)
Mar 22, 2022
Command injection in libvcs and vcspull
Critical
CVE-2022-21187
was published
for
libvcs
(pip)
Mar 15, 2022
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
Critical
GHSA-32gv-6cf3-wcmq
was published
for
twisted
(pip)
Mar 14, 2022
Duplicate Advisory: Incorrect Authorization in Gerapy
Critical
CVE-2021-44597
was published
for
gerapy
(pip)
Mar 11, 2022
•
withdrawn
Server-Side Request Forgery in calibreweb
Critical
CVE-2022-0767
was published
for
calibreweb
(pip)
Mar 8, 2022
Server-Side Request Forgery in calibreweb
Critical
CVE-2022-0766
was published
for
calibreweb
(pip)
Mar 8, 2022
Code Injection in PyTorch Lightning
Critical
CVE-2022-0845
was published
for
pytorch-lightning
(pip)
Mar 6, 2022
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow
Critical
GHSA-h6gw-r52c-724r
was published
for
tensorflow
(pip)
Feb 9, 2022
calibre-web is vulnerable to Business Logic Errors
Critical
CVE-2021-4171
was published
for
calibreweb
(pip)
Jan 21, 2022
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Critical
CVE-2021-21386
was published
for
APKLeaks
(pip)
Jan 21, 2022
Arbitrary expression injection in Pillow
Critical
CVE-2022-22817
was published
for
Pillow
(pip)
Jan 12, 2022
ProTip!
Advisories are also available from the
GraphQL API