GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

365 advisories

Special Element Injection in notebook Critical
CVE-2021-32798 was published for notebook (pip) Aug 23, 2021
0xDeva
Arbitrary code execution due to YAML deserialization Critical
CVE-2021-37678 was published for tensorflow (pip) Aug 25, 2021
Potential memory corruption in arrayfire Critical
CVE-2018-20998 was published for arrayfire (pip) Aug 25, 2021
westonsteimel
remote code execution via git repo provider Critical
CVE-2021-39159 was published for binderhub (pip) Aug 30, 2021
dreyercito rccern
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18703 was published for quokka (pip) Aug 30, 2021
Unrestricted Upload of File with Dangerous Type in django-widgy Critical
CVE-2020-18704 was published for django-widgy (pip) Aug 30, 2021
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18705 was published for quokka (pip) Aug 30, 2021
Command Injection in Simiki Critical
CVE-2020-19001 was published for simiki (pip) Sep 1, 2021
SQL Injection in Django Critical
CVE-2021-35042 was published for Django (pip) Sep 22, 2021
sunSUNQ
Buffer Overflow in Pillow Critical
CVE-2021-34552 was published for pillow (pip) Oct 5, 2021
tdunlap607
Inadequate Encryption Strength in python-keystoneclient Critical
CVE-2013-2166 was published for python-keystoneclient (pip) Oct 12, 2021
Inconsistent input sanitisation leads to XSS vectors Critical
CVE-2021-41132 was published for omero-figure (pip) Oct 14, 2021
Remote code execution in dask Critical
CVE-2021-42343 was published for distributed (pip) Oct 27, 2021
Improper Access Control in jupyterhub-firstuseauthenticator Critical
CVE-2021-41194 was published for jupyterhub-firstuseauthenticator (pip) Oct 28, 2021
georgejhunt
XML External Entity vulnerability in Easy-XML Critical
CVE-2020-26705 was published for easy-xml (pip) Nov 1, 2021
Incomplete validation in boosted trees code Critical
CVE-2021-41208 was published for tensorflow (pip) Nov 10, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43572 was published for starkbank-ecdsa (pip) Nov 10, 2021
Remote unauthenticated attackers able to upload files in Onionshare Critical
CVE-2021-41868 was published for onionshare-cli (pip) Nov 19, 2021
Gerapy < 0.9.8 may cause remote code execution Critical
CVE-2021-43857 was published for gerapy (pip) Jan 6, 2022
Arbitrary expression injection in Pillow Critical
CVE-2022-22817 was published for Pillow (pip) Jan 12, 2022
G-Rath
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks Critical
CVE-2021-21386 was published for APKLeaks (pip) Jan 21, 2022
Ry0taK
calibre-web is vulnerable to Business Logic Errors Critical
CVE-2021-4171 was published for calibreweb (pip) Jan 21, 2022
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow Critical
GHSA-h6gw-r52c-724r was published for tensorflow (pip) Feb 9, 2022
Code Injection in PyTorch Lightning Critical
CVE-2022-0845 was published for pytorch-lightning (pip) Mar 6, 2022
oliverchang
Server-Side Request Forgery in calibreweb Critical
CVE-2022-0767 was published for calibreweb (pip) Mar 8, 2022