GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

516 advisories

Improper Restriction of XML External Entity Reference in Quokka (Critical)
CVE-2020-18705 was published for quokka (pip) Aug 30, 2021

Unrestricted Upload of File with Dangerous Type in django-widgy (Critical)
CVE-2020-18704 was published for django-widgy (pip) Aug 30, 2021

Improper Restriction of XML External Entity Reference in Quokka (Critical)
CVE-2020-18703 was published for quokka (pip) Aug 30, 2021

Remote code execution via git repo provider (Critical)
CVE-2021-39159 was published for binderhub (pip) Aug 30, 2021
Credited to dreyercito and rccern

Potential memory corruption in arrayfire (Critical)
CVE-2018-20998 was published for arrayfire (pip) Aug 25, 2021
Credited to westonsteimel

Improper Authorization and Origin Validation Error in OneFuzz (Critical)
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021

Path traversal in impacket (Critical)
CVE-2021-31800 was published for impacket (pip) Jun 18, 2021

Command injection in LocalStack (Critical)
CVE-2021-32090 was published for localstack (pip) Jun 18, 2021

Deserialization of Untrusted Data in Tendenci (Critical)
CVE-2020-14942 was published for tendenci (pip) Jun 18, 2021

Incorrect Permission Assignment for Critical Resource in Plone (Critical)
CVE-2021-33509 was published for Plone (pip) Jun 15, 2021

OS Command Injection in jw.util (Critical)
CVE-2020-13388 was published for jw.util (pip) Jun 2, 2021

Command injection in Gerapy (Critical)
CVE-2020-7698 was published for gerapy (pip) May 6, 2021

SVGlib Vulnerable to XXE Attacks (Critical)
CVE-2020-10799 was published for svglib (pip) May 6, 2021

libtaxii Server-Side Request Forgery vulnerability (Critical)
CVE-2020-27197 was published for libtaxii (pip) Apr 30, 2021

Authentication bypass in Apache Airflow (Critical)
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
Credited to sunSUNQ

Deserialization of Untrusted Data in PyYAML (Critical)
CVE-2019-20477 was published for pyyaml (pip) Apr 20, 2021

Duplicate Advisory: XML Injection in petl (Critical)
GHSA-69q2-p9xp-739v was published for petl (pip) Apr 20, 2021 (withdrawn)

Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer (Critical)
CVE-2020-17446 was published for asyncpg (pip) Apr 20, 2021

Improper Input Validation in PyYAML (Critical)
CVE-2020-1747 was published for pyyaml (pip) Apr 20, 2021
Credited to tdunlap607 and amita-seal

pwntools Server-Side Template Injection (SSTI) vulnerability (Critical)
CVE-2020-28468 was published for pwntools (pip) Apr 20, 2021

Arbitrary code execution in clickhouse-driver (Critical)
CVE-2020-26759 was published for clickhouse-driver (pip) Apr 7, 2021
Credited to xzkostyan

Out of bounds write in Pillow (Critical)
CVE-2021-25289 was published for pillow (pip) Mar 29, 2021
Credited to sunSUNQ

Improper Input Validation in PyYAML (Critical)
CVE-2020-14343 was published for PyYAML (pip) Mar 25, 2021

Implementation trusts the "me" field returned by the authorization server without verifying it (Critical)
GHSA-mjcr-rqjg-rhg3 was published for datasette-indieauth (pip) Nov 24, 2020

LDAP authentication bypass with empty password (Critical)
CVE-2020-26214 was published for alerta-server (pip) Nov 6, 2020
Credited to CasperGN