GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
365 advisories
Filter by severity
Integer truncation in Shard API usage
Critical
CVE-2020-15202
was published
for
tensorflow
(pip)
Sep 25, 2020
Denial of Service in Tensorflow
Critical
CVE-2020-15206
was published
for
tensorflow
(pip)
Sep 25, 2020
Markdown-supplied Shell Command Execution
Critical
CVE-2020-15271
was published
for
lookatme
(pip)
Oct 27, 2020
remote code execution via cache action in MoinMoin
Critical
CVE-2020-25074
was published
for
moin
(pip)
Nov 11, 2020
Implementation trusts the "me" field returned by the authorization server without verifying it
Critical
GHSA-mjcr-rqjg-rhg3
was published
for
datasette-indieauth
(pip)
Nov 24, 2020
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
Critical
CVE-2020-36242
was published
for
cryptography
(pip)
Feb 10, 2021
Improper Input Validation in PyYAML
Critical
CVE-2020-14343
was published
for
PyYAML
(pip)
Mar 25, 2021
Arbitrary code execution in clickhouse-driver
Critical
CVE-2020-26759
was published
for
clickhouse-driver
(pip)
Apr 7, 2021
pwntools Server-Side Template Injection (SSTI) vulnerability
Critical
CVE-2020-28468
was published
for
pwntools
(pip)
Apr 20, 2021
Improper Input Validation in PyYAML
Critical
CVE-2020-1747
was published
for
pyyaml
(pip)
Apr 20, 2021
Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer
Critical
CVE-2020-17446
was published
for
asyncpg
(pip)
Apr 20, 2021
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
libtaxii Server-Side Request Forgery vulnerability
Critical
CVE-2020-27197
was published
for
libtaxii
(pip)
Apr 30, 2021
The Fuck Arbitrary File Deletion via Path Traversal
Critical
CVE-2021-34363
was published
for
thefuck
(pip)
Jun 15, 2021
Incorrect Permission Assignment for Critical Resource in Plone
Critical
CVE-2021-33509
was published
for
Plone
(pip)
Jun 15, 2021
Command injection in LocalStack
Critical
CVE-2021-32090
was published
for
localstack
(pip)
Jun 18, 2021
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
ProTip!
Advisories are also available from the
GraphQL API