Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

365 advisories

Loading
Out-of-bounds Read Critical
CVE-2021-25288 was published for Pillow (pip) Jun 8, 2021
Special Element Injection in notebook Critical
CVE-2021-32798 was published for notebook (pip) Aug 23, 2021
0xDeva
Unrestricted Upload of File with Dangerous Type in django-widgy Critical
CVE-2020-18704 was published for django-widgy (pip) Aug 30, 2021
Out-of-bounds Read in Pillow Critical
CVE-2021-25287 was published for Pillow (pip) Jun 8, 2021
Incorrect Permission Assignment for Critical Resource in Plone Critical
CVE-2021-33509 was published for Plone (pip) Jun 15, 2021
Denial of Service in Tensorflow Critical
CVE-2020-15206 was published for tensorflow (pip) Sep 25, 2020
Integer truncation in Shard API usage Critical
CVE-2020-15202 was published for tensorflow (pip) Sep 25, 2020
Data leak in Tensorflow Critical
CVE-2020-15205 was published for tensorflow (pip) Sep 25, 2020
Koji hub call does not perform correct access checks Critical
CVE-2018-1002150 was published for koji (pip) Jul 12, 2018
Improper Restriction of XML External Entity Reference in ladon Critical
CVE-2019-1010268 was published for ladon (pip) Jul 26, 2019
Improper Authentication in Buildbot Critical
CVE-2019-12300 was published for buildbot (pip) May 29, 2019
Rdiffweb subject to Business Logic Errors Critical
CVE-2022-3363 was published for rdiffweb (pip) Oct 27, 2022
Improper Privilege Management in rdiffweb Critical
CVE-2022-4314 was published for rdiffweb (pip) Dec 12, 2022
Missing rate limit on rdiffweb Critical
CVE-2022-3439 was published for rdiffweb (pip) Oct 14, 2022
PyTorch vulnerable to arbitrary code execution Critical
CVE-2022-45907 was published for torch (pip) Nov 26, 2022
WilliamsCJ
Improper Authorization and Origin Validation Error in OneFuzz Critical
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021
Rdiffweb is missing authentication for critical function Critical
CVE-2022-3327 was published for rdiffweb (pip) Oct 20, 2022
Octobot before 0.4.4 mishandles Tentacles upload Critical
CVE-2021-36711 was published for OctoBot (pip) Jul 17, 2022
exotel-py 0.1.6 includes code execution backdoor inserted by a third party Critical
CVE-2022-38792 was published for exotel (pip) Aug 28, 2022
rdiffweb vulnerable to Insufficient Session Expiration Critical
CVE-2022-3362 was published for rdiffweb (pip) Nov 15, 2022
Code-execution backdoor in marcador Critical
CVE-2022-28470 was published for marcador (pip) May 9, 2022
rdiffweb vulnerable to account access via session fixation Critical
CVE-2022-3269 was published for rdiffweb (pip) Sep 25, 2022
Origin Validation Error in rdiffweb Critical
CVE-2022-3457 was published for rdiffweb (pip) Oct 14, 2022
Maltego incorrectly shares a MISP connection across users in a remote-transform use case Critical
CVE-2020-12889 was published for MISP-maltego (pip) May 24, 2022
westonsteimel
Apache Airflow Hive Provider vulnerable to Command Injection Critical
CVE-2022-46421 was published for apache-airflow-providers-apache-hive (pip) Dec 20, 2022
ProTip! Advisories are also available from the GraphQL API