Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

429 advisories

Loading
SVGlib Vulnerable to XXE Attacks Critical
CVE-2020-10799 was published for svglib (pip) May 6, 2021
libtaxii Server-Side Request Forgery vulnerability Critical
CVE-2020-27197 was published for libtaxii (pip) Apr 30, 2021
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
Deserialization of Untrusted Data in PyYAML Critical
CVE-2019-20477 was published for pyyaml (pip) Apr 20, 2021
Duplicate Advisory: XML Injection in petl Critical
GHSA-69q2-p9xp-739v was published for petl (pip) Apr 20, 2021 withdrawn
Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer Critical
CVE-2020-17446 was published for asyncpg (pip) Apr 20, 2021
Improper Input Validation in PyYAML Critical
CVE-2020-1747 was published for pyyaml (pip) Apr 20, 2021
tdunlap607 amita-seal
pwntools Server-Side Template Injection (SSTI) vulnerability Critical
CVE-2020-28468 was published for pwntools (pip) Apr 20, 2021
Arbitrary code execution in clickhouse-driver Critical
CVE-2020-26759 was published for clickhouse-driver (pip) Apr 7, 2021
xzkostyan
Out of bounds write in Pillow Critical
CVE-2021-25289 was published for pillow (pip) Mar 29, 2021
sunSUNQ
Improper Input Validation in PyYAML Critical
CVE-2020-14343 was published for PyYAML (pip) Mar 25, 2021
Implementation trusts the "me" field returned by the authorization server without verifying it Critical
GHSA-mjcr-rqjg-rhg3 was published for datasette-indieauth (pip) Nov 24, 2020
LDAP authentication bypass with empty password Critical
CVE-2020-26214 was published for alerta-server (pip) Nov 6, 2020
CasperGN
Markdown-supplied Shell Command Execution Critical
CVE-2020-15271 was published for lookatme (pip) Oct 27, 2020
Out of bounds access in tensorflow-lite Critical
CVE-2020-15212 was published for tensorflow (pip) Sep 25, 2020
Out of bounds write in tensorflow-lite Critical
CVE-2020-15214 was published for tensorflow (pip) Sep 25, 2020
Incorrect threshold signature computation in TUF Critical
CVE-2020-6174 was published for tuf (pip) Aug 21, 2020
Out-of-bounds read in Pillow Critical
CVE-2020-11538 was published for Pillow (pip) Jul 27, 2020
Command injection via Celery broker in Apache Airflow Critical
CVE-2020-11981 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Insecure default config of Celery worker in Apache Airflow Critical
CVE-2020-11982 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Uncontrolled Resource Consumption in Indy Node Critical
CVE-2020-11090 was published for indy-node (pip) Jun 11, 2020
Django Rest Framework jwt allows obtaining new token from notionally invalidated token Critical
CVE-2020-10594 was published for drf-jwt (pip) Jun 5, 2020
Improper Verification of Cryptographic Signature in Pure-Python ECDSA Critical
CVE-2019-14859 was published for ecdsa (pip) Apr 1, 2020
Improper Input Validation in Twisted Critical
CVE-2020-10108 was published for Twisted (pip) Mar 31, 2020
HTTP Request Smuggling in Twisted Critical
CVE-2020-10109 was published for Twisted (pip) Mar 31, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database