GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

365 advisories

PyTorch vulnerable to arbitrary code execution Critical
CVE-2022-45907 was published for torch (pip) Nov 26, 2022
WilliamsCJ
Missing rate limit on rdiffweb Critical
CVE-2022-3439 was published for rdiffweb (pip) Oct 14, 2022
Improper Privilege Management in rdiffweb Critical
CVE-2022-4314 was published for rdiffweb (pip) Dec 12, 2022
Rdiffweb subject to Business Logic Errors Critical
CVE-2022-3363 was published for rdiffweb (pip) Oct 27, 2022
Improper Authentication in Buildbot Critical
CVE-2019-12300 was published for buildbot (pip) May 29, 2019
Improper Restriction of XML External Entity Reference in ladon Critical
CVE-2019-1010268 was published for ladon (pip) Jul 26, 2019
Koji hub call does not perform correct access checks Critical
CVE-2018-1002150 was published for koji (pip) Jul 12, 2018
Integer truncation in Shard API usage Critical
CVE-2020-15202 was published for tensorflow (pip) Sep 25, 2020
Data leak in Tensorflow Critical
CVE-2020-15205 was published for tensorflow (pip) Sep 25, 2020
Denial of Service in Tensorflow Critical
CVE-2020-15206 was published for tensorflow (pip) Sep 25, 2020
Incorrect Permission Assignment for Critical Resource in Plone Critical
CVE-2021-33509 was published for Plone (pip) Jun 15, 2021
Out-of-bounds Read in Pillow Critical
CVE-2021-25287 was published for Pillow (pip) Jun 8, 2021
Unrestricted Upload of File with Dangerous Type in django-widgy Critical
CVE-2020-18704 was published for django-widgy (pip) Aug 30, 2021
Special Element Injection in notebook Critical
CVE-2021-32798 was published for notebook (pip) Aug 23, 2021
0xDeva
Out-of-bounds Read Critical
CVE-2021-25288 was published for Pillow (pip) Jun 8, 2021
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18703 was published for quokka (pip) Aug 30, 2021
XML External Entity vulnerability in Easy-XML Critical
CVE-2020-26705 was published for easy-xml (pip) Nov 1, 2021
Incomplete validation in boosted trees code Critical
CVE-2021-41208 was published for tensorflow (pip) Nov 10, 2021
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18705 was published for quokka (pip) Aug 30, 2021
OS Command Injection in Apache Airflow Critical
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
Command Injection in Apache Airflow and Apache Airflow MySQL Provider Critical
CVE-2023-22884 was published for apache-airflow (pip) Jan 21, 2023
acryl-datahub missing JWT signature check Critical
CVE-2022-39366 was published for acryl-datahub (pip) Oct 31, 2022
artsploit pwntester
sylwia-budzynska p- Kwstubbs jorgectf
rdiffweb Improper Access Control vulnerability Critical
CVE-2022-4724 was published for rdiffweb (pip) Dec 27, 2022
PaddlePaddle Out-of-bounds Read vulnerability Critical
CVE-2022-46741 was published for paddlepaddle (pip) Dec 7, 2022
wger vulnerable to brute force attempts Critical
CVE-2022-2650 was published for wger (pip) Nov 24, 2022