Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,090 advisories

Loading
Segmentation faultin TensorFlow when converting a Python string to `tf.float16` High
CVE-2020-5215 was published for tensorflow (pip) Jan 28, 2020
Local Privilege Escalation in PyInstaller High
CVE-2019-16784 was published for PyInstaller (pip) Jan 16, 2020
faridtsl lnv42
htgoebel
Possible remote code execution via a remote procedure call High
GHSA-9ggp-4jpr-7ppj was published for rpyc (pip) Nov 20, 2019 withdrawn
Cross-Site Scripting Moderate
GHSA-94ww-22rx-493x was published for flower (pip) Feb 24, 2021 withdrawn
Timing attack Low
GHSA-xm8r-5wh6-f46f was published for autobahn (pip) Feb 24, 2021 withdrawn
Cross-Site Scripting Moderate
GHSA-57h7-r3q3-w57j was published for djangorestframework (pip) Feb 24, 2021 withdrawn
Null pointer dereference in TensorFlow leads to exploitation Moderate
CVE-2018-7576 was published for tensorflow (pip) Apr 24, 2019
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
Package discontinued because Bitly lowered the free quota Low
GHSA-ggrh-grj3-vfvw was published for bitlyshortener (pip) Nov 28, 2022
Vulnerable OpenSSL included in cryptography wheels Moderate
GHSA-39hc-v87j-747x was published for cryptography (pip) Nov 2, 2022
mofh Vulnerable to Improper Restriction of XML External Entity Reference Moderate
GHSA-7r9x-qrpr-3cxw was published for mofh (pip) Aug 11, 2022
django-sendfile2 before 0.7.0 contains reflected file download vulnerability High
GHSA-pcjh-6r5h-r92r was published for django-sendfile2 (pip) Aug 11, 2022
moggers87 sergei-maertens
autogluon.multimodal vulnerable to unsafe YAML deserialization High
GHSA-6h2x-4gjf-jc5w was published for autogluon.multimodal (pip) Sep 21, 2022
sxjscience
jwcrypto token substitution can lead to authentication bypass Moderate
CVE-2022-3102 was published for jwcrypto (pip) Sep 21, 2022
Workers for local Dask clusters mistakenly listened on public interfaces Moderate
GHSA-hwqr-f3v9-hwxr was published for distributed (pip) Jul 15, 2022
ProTip! Advisories are also available from the GraphQL API