Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

480 advisories

Loading
Deserialization of Untrusted Data in PyYAML Critical
CVE-2019-20477 was published for pyyaml (pip) Apr 20, 2021
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
libtaxii Server-Side Request Forgery vulnerability Critical
CVE-2020-27197 was published for libtaxii (pip) Apr 30, 2021
SVGlib Vulnerable to XXE Attacks Critical
CVE-2020-10799 was published for svglib (pip) May 6, 2021
Command injection in Gerapy Critical
CVE-2020-7698 was published for gerapy (pip) May 6, 2021
OS Command Injection in jw.util Critical
CVE-2020-13388 was published for jw.util (pip) Jun 2, 2021
Incorrect Permission Assignment for Critical Resource in Plone Critical
CVE-2021-33509 was published for Plone (pip) Jun 15, 2021
Deserialization of Untrusted Data in Tendenci Critical
CVE-2020-14942 was published for tendenci (pip) Jun 18, 2021
Command injection in LocalStack Critical
CVE-2021-32090 was published for localstack (pip) Jun 18, 2021
Path traversal in impacket Critical
CVE-2021-31800 was published for impacket (pip) Jun 18, 2021
Improper Authorization and Origin Validation Error in OneFuzz Critical
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021
Potential memory corruption in arrayfire Critical
CVE-2018-20998 was published for arrayfire (pip) Aug 25, 2021
westonsteimel
remote code execution via git repo provider Critical
CVE-2021-39159 was published for binderhub (pip) Aug 30, 2021
dreyercito rccern
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18703 was published for quokka (pip) Aug 30, 2021
Unrestricted Upload of File with Dangerous Type in django-widgy Critical
CVE-2020-18704 was published for django-widgy (pip) Aug 30, 2021
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18705 was published for quokka (pip) Aug 30, 2021
Command Injection in Simiki Critical
CVE-2020-19001 was published for simiki (pip) Sep 1, 2021
Lacking Protection against HTTP Request Smuggling in mitmproxy Critical
CVE-2021-39214 was published for mitmproxy (pip) Sep 20, 2021
chinchila mhils
SQL Injection in Django Critical
CVE-2021-35042 was published for Django (pip) Sep 22, 2021
sunSUNQ
Buffer Overflow in Pillow Critical
CVE-2021-34552 was published for pillow (pip) Oct 5, 2021
tdunlap607
Inadequate Encryption Strength in python-keystoneclient Critical
CVE-2013-2166 was published for python-keystoneclient (pip) Oct 12, 2021
Inconsistent input sanitisation leads to XSS vectors Critical
CVE-2021-41132 was published for omero-figure (pip) Oct 14, 2021
Nameko Arbitrary code execution due to YAML deserialization Critical
CVE-2021-41078 was published for nameko (pip) Oct 19, 2021
Remote code execution in dask Critical
CVE-2021-42343 was published for dask (pip) Oct 27, 2021
Improper Access Control in jupyterhub-firstuseauthenticator Critical
CVE-2021-41194 was published for jupyterhub-firstuseauthenticator (pip) Oct 28, 2021
georgejhunt
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database