GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,121 advisories

Reference binding to nullptr in `RaggedTensorToVariant` High
CVE-2021-37666 was published for tensorflow (pip) Aug 25, 2021
Reference binding to nullptr in unicode encoding High
CVE-2021-37667 was published for tensorflow (pip) Aug 25, 2021
Reference binding to nullptr in map operations High
CVE-2021-37671 was published for tensorflow (pip) Aug 25, 2021
Reference binding to nullptr in shape inference High
CVE-2021-37676 was published for tensorflow (pip) Aug 25, 2021
Heap OOB in nested `tf.map_fn` with `RaggedTensor`s High
CVE-2021-37679 was published for tensorflow (pip) Aug 25, 2021
NPE in TFLite High
CVE-2021-37681 was published for tensorflow (pip) Aug 25, 2021
Null pointer dereference in TFLite High
CVE-2021-37688 was published for tensorflow (pip) Aug 25, 2021
Null pointer dereference in TFLite MLIR optimizations High
CVE-2021-37689 was published for tensorflow (pip) Aug 25, 2021
KateCatlin
JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form> High
CVE-2021-32797 was published for jupyterlab (pip) Aug 23, 2021
0xDeva
Command injection in Yamale High
CVE-2021-38305 was published for yamale (pip) Aug 11, 2021
ReDOS in Mpmath High
CVE-2021-29063 was published for mpmath (pip) Aug 9, 2021
bryan-rhm
Remote Code Execution via Script (Python) objects under Python 3 High
CVE-2021-32811 was published for Zope (pip) Aug 5, 2021
Storage corruption due to variables overwritten by re-entrancy locks High
GHSA-7f92-rr6w-cq64 was published for vyper (pip) Aug 5, 2021
pandadefi charles-cooper
iamdefinitelyahuman
XML2Dict XML Entity Expansion Vulnerability High
CVE-2021-25951 was published for XML2Dict (pip) Jul 2, 2021
Deserialization of Untrusted Data in Tendenci High
CVE-2020-14942 was published for tendenci (pip) Jun 18, 2021
Server-Side Request Forgery in Plone High
CVE-2021-33511 was published for Plone (pip) Jun 15, 2021
Path Traversal in Zope High
CVE-2021-32633 was published for Zope (pip) Jun 15, 2021
Duplicate Advisory: Reflected cross-site scripting issue in Datasette High
GHSA-gff3-739c-gxfq was published for datasette (pip) Jun 10, 2021 withdrawn
Path Traversal in Zope High
CVE-2021-32674 was published for Zope (pip) Jun 10, 2021
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks High
CVE-2021-33571 was published for Django (pip) Jun 10, 2021
tdunlap607
Cross-Site Request Forgery (CSRF) in FastAPI High
CVE-2021-32677 was published for fastapi (pip) Jun 10, 2021
b0g3r
Path Traversal in pip High
CVE-2019-20916 was published for pip (pip) Jun 9, 2021
Insufficient Session Expiration in OpenStack Keystone High
CVE-2020-12690 was published for keystone (pip) Jun 9, 2021
Uncontrolled Resource Consumption in Pillow High
CVE-2021-28677 was published for Pillow (pip) Jun 8, 2021
sunSUNQ
Potential infinite loop in Pillow High
CVE-2021-28676 was published for Pillow (pip) Jun 8, 2021
tdunlap607
ProTip! Advisories are also available from the GraphQL API