Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

362 advisories

Loading
ReviewBoard and Djblets library are vulnerable to code execution Critical
CVE-2013-4409 was published for ReviewBoard (pip) May 5, 2022
Improper Input Validation in httpx Critical
CVE-2021-41945 was published for httpx (pip) Apr 29, 2022
lebr0nli Bibo-Joshi
AngellusMortis marcoaaguiar br3ndonland
SQL injection in apache-superset Critical
CVE-2022-27479 was published for apache-superset (pip) Apr 14, 2022
SQL Injection in Django Critical
CVE-2022-28347 was published for Django (pip) Apr 13, 2022
SQL Injection in Django Critical
CVE-2022-28346 was published for Django (pip) Apr 13, 2022
Use of Externally-Controlled Format String in consoleme Critical
CVE-2022-27177 was published for consoleme (pip) Apr 3, 2022
Poetry before v1.1.9 contains Untrusted Search Path Critical
CVE-2022-26184 was published for poetry (pip) Mar 23, 2022
Insufficient Protection against HTTP Request Smuggling in mitmproxy Critical
CVE-2022-24766 was published for mitmproxy (pip) Mar 22, 2022
zeyu2001
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods Critical
GHSA-32gv-6cf3-wcmq was published for twisted (pip) Mar 14, 2022
Path traversal in Pillow Critical
CVE-2022-24303 was published for Pillow (pip) Mar 11, 2022
sunSUNQ
Duplicate Advisory: Incorrect Authorization in Gerapy Critical
CVE-2021-44597 was published for gerapy (pip) Mar 11, 2022 withdrawn
Server-Side Request Forgery in calibreweb Critical
CVE-2022-0767 was published for calibreweb (pip) Mar 8, 2022
Server-Side Request Forgery in calibreweb Critical
CVE-2022-0766 was published for calibreweb (pip) Mar 8, 2022
Code Injection in PyTorch Lightning Critical
CVE-2022-0845 was published for pytorch-lightning (pip) Mar 6, 2022
oliverchang
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow Critical
GHSA-h6gw-r52c-724r was published for tensorflow (pip) Feb 9, 2022
calibre-web is vulnerable to Business Logic Errors Critical
CVE-2021-4171 was published for calibreweb (pip) Jan 21, 2022
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks Critical
CVE-2021-21386 was published for APKLeaks (pip) Jan 21, 2022
Ry0taK
Arbitrary expression injection in Pillow Critical
CVE-2022-22817 was published for Pillow (pip) Jan 12, 2022
G-Rath
Gerapy < 0.9.8 may cause remote code execution Critical
CVE-2021-43857 was published for gerapy (pip) Jan 6, 2022
Remote unauthenticated attackers able to upload files in Onionshare Critical
CVE-2021-41868 was published for onionshare-cli (pip) Nov 19, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43572 was published for starkbank-ecdsa (pip) Nov 10, 2021
Incomplete validation in boosted trees code Critical
CVE-2021-41208 was published for tensorflow (pip) Nov 10, 2021
XML External Entity vulnerability in Easy-XML Critical
CVE-2020-26705 was published for easy-xml (pip) Nov 1, 2021
Improper Access Control in jupyterhub-firstuseauthenticator Critical
CVE-2021-41194 was published for jupyterhub-firstuseauthenticator (pip) Oct 28, 2021
georgejhunt
Remote code execution in dask Critical
CVE-2021-42343 was published for distributed (pip) Oct 27, 2021
ProTip! Advisories are also available from the GraphQL API