GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (count by ecosystem)
  All reviewed: 5,000+
  Composer: 4,952
  Erlang: 39
  GitHub Actions: 38
  Go: 2,612
  Maven: 5,000+
  npm: 4,252
  NuGet: 760
  pip: 4,027
  Pub: 12
  RubyGems: 953
  Rust: 1,049
  Swift: 45

Unreviewed advisories
  All unreviewed: 5,000+
            518 advisories
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
  Critical. GHSA-32gv-6cf3-wcmq was published for twisted (pip), Mar 14, 2022.

Duplicate Advisory: Incorrect Authorization in Gerapy
  Critical. CVE-2021-44597 was published for gerapy (pip), Mar 11, 2022 (withdrawn).

Server-Side Request Forgery in calibreweb
  Critical. CVE-2022-0767 was published for calibreweb (pip), Mar 8, 2022.

Server-Side Request Forgery in calibreweb
  Critical. CVE-2022-0766 was published for calibreweb (pip), Mar 8, 2022.

Code Injection in PyTorch Lightning
  Critical. CVE-2022-0845 was published for pytorch-lightning (pip), Mar 6, 2022.

Improper Authentication in Apache Spark
  Critical. CVE-2020-9480 was published for org.apache.spark:spark-parent_2.11 (Maven), Feb 10, 2022.

NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow
  Critical. GHSA-h6gw-r52c-724r was published for tensorflow (pip), Feb 9, 2022.

calibre-web is vulnerable to Business Logic Errors
  Critical. CVE-2021-4171 was published for calibreweb (pip), Jan 21, 2022.

Files on the host computer can be accessed from the Gradio interface
  Critical. CVE-2021-43831 was published for gradio (pip), Jan 21, 2022.

Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
  Critical. CVE-2021-21386 was published for APKLeaks (pip), Jan 21, 2022.

Arbitrary expression injection in Pillow
  Critical. CVE-2022-22817 was published for Pillow (pip), Jan 12, 2022.

Gerapy may cause remote code execution
  Critical. CVE-2021-43857 was published for gerapy (pip), Jan 6, 2022.

Arbitrary file reading vulnerability in Aim
  Critical. CVE-2021-43775 was published for aim (pip), Nov 23, 2021.

Remote unauthenticated attackers able to upload files in Onionshare
  Critical. CVE-2021-41868 was published for onionshare-cli (pip), Nov 19, 2021.

Improper Verification of Cryptographic Signature in starkbank-ecdsa
  Critical. CVE-2021-43572 was published for starkbank-ecdsa (pip), Nov 10, 2021.

Incomplete validation in boosted trees code
  Critical. CVE-2021-41208 was published for tensorflow (pip), Nov 10, 2021.

PCX P mode buffer overflow in Pillow
  Critical. CVE-2020-5312 was published for Pillow (pip), Nov 3, 2021.

Improper Access Control in jupyterhub-firstuseauthenticator
  Critical. CVE-2021-41194 was published for jupyterhub-firstuseauthenticator (pip), Oct 28, 2021.

Nameko Arbitrary code execution due to YAML deserialization
  Critical. CVE-2021-41078 was published for nameko (pip), Oct 19, 2021.

Inconsistent input sanitisation leads to XSS vectors
  Critical. CVE-2021-41132 was published for omero-figure (pip), Oct 14, 2021.

Inadequate Encryption Strength in python-keystoneclient
  Critical. CVE-2013-2166 was published for python-keystoneclient (pip), Oct 12, 2021.
        
ProTip! Advisories are also available from the GraphQL API.