GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
365 advisories
Filter by severity
libtaxii Server-Side Request Forgery vulnerability
Critical
CVE-2020-27197
was published
for
libtaxii
(pip)
Apr 30, 2021
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer
Critical
CVE-2020-17446
was published
for
asyncpg
(pip)
Apr 20, 2021
Improper Input Validation in PyYAML
Critical
CVE-2020-1747
was published
for
pyyaml
(pip)
Apr 20, 2021
pwntools Server-Side Template Injection (SSTI) vulnerability
Critical
CVE-2020-28468
was published
for
pwntools
(pip)
Apr 20, 2021
Arbitrary code execution in clickhouse-driver
Critical
CVE-2020-26759
was published
for
clickhouse-driver
(pip)
Apr 7, 2021
Improper Input Validation in PyYAML
Critical
CVE-2020-14343
was published
for
PyYAML
(pip)
Mar 25, 2021
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
Critical
CVE-2020-36242
was published
for
cryptography
(pip)
Feb 10, 2021
Implementation trusts the "me" field returned by the authorization server without verifying it
Critical
GHSA-mjcr-rqjg-rhg3
was published
for
datasette-indieauth
(pip)
Nov 24, 2020
remote code execution via cache action in MoinMoin
Critical
CVE-2020-25074
was published
for
moin
(pip)
Nov 11, 2020
Markdown-supplied Shell Command Execution
Critical
CVE-2020-15271
was published
for
lookatme
(pip)
Oct 27, 2020
Denial of Service in Tensorflow
Critical
CVE-2020-15206
was published
for
tensorflow
(pip)
Sep 25, 2020
Integer truncation in Shard API usage
Critical
CVE-2020-15202
was published
for
tensorflow
(pip)
Sep 25, 2020
Incorrect threshold signature computation in TUF
Critical
CVE-2020-6174
was published
for
tuf
(pip)
Aug 21, 2020
Insecure default config of Celery worker in Apache Airflow
Critical
CVE-2020-11982
was published
for
apache-airflow
(pip)
Jul 27, 2020
Command injection via Celery broker in Apache Airflow
Critical
CVE-2020-11981
was published
for
apache-airflow
(pip)
Jul 27, 2020
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
Critical
CVE-2020-10594
was published
for
drf-jwt
(pip)
Jun 5, 2020
Improper Verification of Cryptographic Signature in Pure-Python ECDSA
Critical
CVE-2019-14859
was published
for
ecdsa
(pip)
Apr 1, 2020
Improper Input Validation in Twisted
Critical
CVE-2020-10108
was published
for
Twisted
(pip)
Mar 31, 2020
HTTP Request Smuggling in Twisted
Critical
CVE-2020-10109
was published
for
Twisted
(pip)
Mar 31, 2020
Potential buffer overflow in psd-tools
Critical
CVE-2020-10571
was published
for
psd-tools
(pip)
Mar 16, 2020
python-docutils allows insecure usage of temporary files
Critical
CVE-2009-5042
was published
for
docutils
(pip)
Mar 13, 2020
Insufficient Verification of Data Authenticity in python-keystoneclient
Critical
CVE-2013-2167
was published
for
python-keystoneclient
(pip)
Mar 10, 2020
ProTip!
Advisories are also available from the
GraphQL API