
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,002 advisories

regular expression denial-of-service (ReDoS) in Bleach High
CVE-2020-6817 was published for bleach (pip) Mar 30, 2020
Out-of-bounds Read in Pillow High
CVE-2020-5313 was published for Pillow (pip) Apr 1, 2020
Uncontrolled Resource Consumption in Pillow High
CVE-2019-19911 was published for Pillow (pip) Apr 1, 2020
Depth counting error in guard() leading to multiple potential security issues in aioxmpp High
CVE-2019-1000007 was published for aioxmpp (pip) Apr 29, 2020
Improper Verification of Cryptographic Signature in PySAML2 High
CVE-2020-5390 was published for pysaml2 (pip) May 6, 2020
SQL injection in Django High
CVE-2020-9402 was published for django (pip) Jun 5, 2020
django-nopassword stores secrets in cleartext High
CVE-2019-10682 was published for django-nopassword (pip) Jun 5, 2020
Uncontrolled Resource Consumption in Indy Node High
CVE-2020-11090 was published for indy-node (pip) Jun 11, 2020
User passwords are stored in clear text in the Django session High
CVE-2020-15105 was published for django-two-factor-auth (pip) Jul 10, 2020
Remote code execution in Apache Airflow High
CVE-2020-11978 was published for apache-airflow (pip) Jul 27, 2020
Out-of-bounds read in Pillow High
CVE-2020-11538 was published for Pillow (pip) Jul 27, 2020
Buffer overflow in Pillow High
CVE-2020-10379 was published for Pillow (pip) Jul 27, 2020
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
HTTP response splitting in uvicorn High
CVE-2020-7695 was published for uvicorn (pip) Jul 29, 2020
Arbitrary Code Generation High
CVE-2020-15142 was published for openapi-python-client (pip) Aug 20, 2020
Remote Code Execution in Red Discord Bot High
CVE-2020-15140 was published for Red-DiscordBot (pip) Aug 21, 2020
Remote Code Execution in Red Discord Bot High
CVE-2020-15147 was published for Red-DiscordBot (pip) Aug 21, 2020
Invalid root may become trusted root in The Update Framework (TUF) High
CVE-2020-15163 was published for tuf (pip) Sep 9, 2020
Heap buffer overflow in Tensorflow High
CVE-2020-15196 was published for tensorflow (pip) Sep 25, 2020
Memory corruption in Tensorflow High
CVE-2020-15193 was published for tensorflow (pip) Sep 25, 2020
Heap buffer overflow in Tensorflow High
CVE-2020-15195 was published for tensorflow (pip) Sep 25, 2020
Denial of Service in Tensorflow High
CVE-2020-15203 was published for tensorflow (pip) Sep 25, 2020
Segfault and data corruption in tensorflow-lite High
CVE-2020-15207 was published for tensorflow (pip) Sep 25, 2020
Data corruption in tensorflow-lite High
CVE-2020-15208 was published for tensorflow (pip) Sep 25, 2020
Out of bounds write in tensorflow-lite High
CVE-2020-15214 was published for tensorflow (pip) Sep 25, 2020