Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

365 advisories

Loading
Integer truncation in Shard API usage Critical
CVE-2020-15202 was published for tensorflow (pip) Sep 25, 2020
Data leak in Tensorflow Critical
CVE-2020-15205 was published for tensorflow (pip) Sep 25, 2020
Denial of Service in Tensorflow Critical
CVE-2020-15206 was published for tensorflow (pip) Sep 25, 2020
Markdown-supplied Shell Command Execution Critical
CVE-2020-15271 was published for lookatme (pip) Oct 27, 2020
remote code execution via cache action in MoinMoin Critical
CVE-2020-25074 was published for moin (pip) Nov 11, 2020
Implementation trusts the "me" field returned by the authorization server without verifying it Critical
GHSA-mjcr-rqjg-rhg3 was published for datasette-indieauth (pip) Nov 24, 2020
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow Critical
CVE-2020-36242 was published for cryptography (pip) Feb 10, 2021
Improper Input Validation in PyYAML Critical
CVE-2020-14343 was published for PyYAML (pip) Mar 25, 2021
Arbitrary code execution in clickhouse-driver Critical
CVE-2020-26759 was published for clickhouse-driver (pip) Apr 7, 2021
xzkostyan
pwntools Server-Side Template Injection (SSTI) vulnerability Critical
CVE-2020-28468 was published for pwntools (pip) Apr 20, 2021
Improper Input Validation in PyYAML Critical
CVE-2020-1747 was published for pyyaml (pip) Apr 20, 2021
tdunlap607
Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer Critical
CVE-2020-17446 was published for asyncpg (pip) Apr 20, 2021
XML Injection in petl Critical
CVE-2020-29128 was published for petl (pip) Apr 20, 2021
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
libtaxii Server-Side Request Forgery vulnerability Critical
CVE-2020-27197 was published for libtaxii (pip) Apr 30, 2021
SVGlib Vulnerable to XXE Attacks Critical
CVE-2020-10799 was published for svglib (pip) May 6, 2021
Command injection in Gerapy Critical
CVE-2020-7698 was published for gerapy (pip) May 6, 2021
OS Command Injection in jw.util Critical
CVE-2020-13388 was published for jw.util (pip) Jun 2, 2021
Out-of-bounds Read in Pillow Critical
CVE-2021-25287 was published for Pillow (pip) Jun 8, 2021
Out-of-bounds Read Critical
CVE-2021-25288 was published for Pillow (pip) Jun 8, 2021
The Fuck Arbitrary File Deletion via Path Traversal Critical
CVE-2021-34363 was published for thefuck (pip) Jun 15, 2021
Incorrect Permission Assignment for Critical Resource in Plone Critical
CVE-2021-33509 was published for Plone (pip) Jun 15, 2021
Command injection in LocalStack Critical
CVE-2021-32090 was published for localstack (pip) Jun 18, 2021
Path traversal in impacket Critical
CVE-2021-31800 was published for impacket (pip) Jun 18, 2021
Improper Authorization and Origin Validation Error in OneFuzz Critical
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021
ProTip! Advisories are also available from the GraphQL API