GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (all reviewed: 5,000+), by ecosystem: Composer 3,968; Erlang 29; GitHub Actions 16; Go 1,752; Maven 4,982; npm 3,516; NuGet 609; pip 3,090; Pub 10; RubyGems 832; Rust 782; Swift 34.
Unreviewed advisories (all unreviewed): 5,000+.
365 advisories in the current listing.
Special Element Injection in notebook (Critical), CVE-2021-32798, published for notebook (pip) on Aug 23, 2021
Arbitrary code execution due to YAML deserialization (Critical), CVE-2021-37678, published for tensorflow (pip) on Aug 25, 2021
Potential memory corruption in arrayfire (Critical), CVE-2018-20998, published for arrayfire (pip) on Aug 25, 2021
Remote code execution via git repo provider (Critical), CVE-2021-39159, published for binderhub (pip) on Aug 30, 2021
Improper Restriction of XML External Entity Reference in Quokka (Critical), CVE-2020-18703, published for quokka (pip) on Aug 30, 2021
Unrestricted Upload of File with Dangerous Type in django-widgy (Critical), CVE-2020-18704, published for django-widgy (pip) on Aug 30, 2021
Improper Restriction of XML External Entity Reference in Quokka (Critical), CVE-2020-18705, published for quokka (pip) on Aug 30, 2021
Inadequate Encryption Strength in python-keystoneclient (Critical), CVE-2013-2166, published for python-keystoneclient (pip) on Oct 12, 2021
Inconsistent input sanitisation leads to XSS vectors (Critical), CVE-2021-41132, published for omero-figure (pip) on Oct 14, 2021
Remote code execution in dask (Critical), CVE-2021-42343, published for distributed (pip) on Oct 27, 2021
Improper Access Control in jupyterhub-firstuseauthenticator (Critical), CVE-2021-41194, published for jupyterhub-firstuseauthenticator (pip) on Oct 28, 2021
XML External Entity vulnerability in Easy-XML (Critical), CVE-2020-26705, published for easy-xml (pip) on Nov 1, 2021
Incomplete validation in boosted trees code (Critical), CVE-2021-41208, published for tensorflow (pip) on Nov 10, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa (Critical), CVE-2021-43572, published for starkbank-ecdsa (pip) on Nov 10, 2021
Remote unauthenticated attackers able to upload files in Onionshare (Critical), CVE-2021-41868, published for onionshare-cli (pip) on Nov 19, 2021
Gerapy < 0.9.8 may cause remote code execution (Critical), CVE-2021-43857, published for gerapy (pip) on Jan 6, 2022
Arbitrary expression injection in Pillow (Critical), CVE-2022-22817, published for Pillow (pip) on Jan 12, 2022
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks (Critical), CVE-2021-21386, published for APKLeaks (pip) on Jan 21, 2022
calibre-web is vulnerable to Business Logic Errors (Critical), CVE-2021-4171, published for calibreweb (pip) on Jan 21, 2022
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow (Critical), GHSA-h6gw-r52c-724r, published for tensorflow (pip) on Feb 9, 2022
Code Injection in PyTorch Lightning (Critical), CVE-2022-0845, published for pytorch-lightning (pip) on Mar 6, 2022
Server-Side Request Forgery in calibreweb (Critical), CVE-2022-0767, published for calibreweb (pip) on Mar 8, 2022