GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
398 advisories
Filter by severity
Gerapy may cause remote code execution
Critical
CVE-2021-43857
was published
for
gerapy
(pip)
Jan 6, 2022
Remote unauthenticated attackers able to upload files in Onionshare
Critical
CVE-2021-41868
was published
for
onionshare-cli
(pip)
Nov 19, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43572
was published
for
starkbank-ecdsa
(pip)
Nov 10, 2021
Incomplete validation in boosted trees code
Critical
CVE-2021-41208
was published
for
tensorflow
(pip)
Nov 10, 2021
XML External Entity vulnerability in Easy-XML
Critical
CVE-2020-26705
was published
for
easy-xml
(pip)
Nov 1, 2021
Improper Access Control in jupyterhub-firstuseauthenticator
Critical
CVE-2021-41194
was published
for
jupyterhub-firstuseauthenticator
(pip)
Oct 28, 2021
Inconsistent input sanitisation leads to XSS vectors
Critical
CVE-2021-41132
was published
for
omero-figure
(pip)
Oct 14, 2021
Inadequate Encryption Strength in python-keystoneclient
Critical
CVE-2013-2166
was published
for
python-keystoneclient
(pip)
Oct 12, 2021
Lacking Protection against HTTP Request Smuggling in mitmproxy
Critical
CVE-2021-39214
was published
for
mitmproxy
(pip)
Sep 20, 2021
Improper Restriction of XML External Entity Reference in Quokka
Critical
CVE-2020-18705
was published
for
quokka
(pip)
Aug 30, 2021
Unrestricted Upload of File with Dangerous Type in django-widgy
Critical
CVE-2020-18704
was published
for
django-widgy
(pip)
Aug 30, 2021
Improper Restriction of XML External Entity Reference in Quokka
Critical
CVE-2020-18703
was published
for
quokka
(pip)
Aug 30, 2021
remote code execution via git repo provider
Critical
CVE-2021-39159
was published
for
binderhub
(pip)
Aug 30, 2021
Potential memory corruption in arrayfire
Critical
CVE-2018-20998
was published
for
arrayfire
(pip)
Aug 25, 2021
Arbitrary code execution due to YAML deserialization
Critical
CVE-2021-37678
was published
for
tensorflow
(pip)
Aug 25, 2021
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
Command injection in LocalStack
Critical
CVE-2021-32090
was published
for
localstack
(pip)
Jun 18, 2021
Incorrect Permission Assignment for Critical Resource in Plone
Critical
CVE-2021-33509
was published
for
Plone
(pip)
Jun 15, 2021
The Fuck Arbitrary File Deletion via Path Traversal
Critical
CVE-2021-34363
was published
for
thefuck
(pip)
Jun 15, 2021
ProTip!
Advisories are also available from the
GraphQL API