GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
362 advisories
Filter by severity
ReviewBoard and Djblets library are vulnerable to code execution
Critical
CVE-2013-4409
was published
for
ReviewBoard
(pip)
May 5, 2022
Improper Input Validation in httpx
Critical
CVE-2021-41945
was published
for
httpx
(pip)
Apr 29, 2022
SQL injection in apache-superset
Critical
CVE-2022-27479
was published
for
apache-superset
(pip)
Apr 14, 2022
Use of Externally-Controlled Format String in consoleme
Critical
CVE-2022-27177
was published
for
consoleme
(pip)
Apr 3, 2022
Poetry before v1.1.9 contains Untrusted Search Path
Critical
CVE-2022-26184
was published
for
poetry
(pip)
Mar 23, 2022
Insufficient Protection against HTTP Request Smuggling in mitmproxy
Critical
CVE-2022-24766
was published
for
mitmproxy
(pip)
Mar 22, 2022
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
Critical
GHSA-32gv-6cf3-wcmq
was published
for
twisted
(pip)
Mar 14, 2022
Duplicate Advisory: Incorrect Authorization in Gerapy
Critical
CVE-2021-44597
was published
for
gerapy
(pip)
Mar 11, 2022
•
withdrawn
Server-Side Request Forgery in calibreweb
Critical
CVE-2022-0767
was published
for
calibreweb
(pip)
Mar 8, 2022
Server-Side Request Forgery in calibreweb
Critical
CVE-2022-0766
was published
for
calibreweb
(pip)
Mar 8, 2022
Code Injection in PyTorch Lightning
Critical
CVE-2022-0845
was published
for
pytorch-lightning
(pip)
Mar 6, 2022
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow
Critical
GHSA-h6gw-r52c-724r
was published
for
tensorflow
(pip)
Feb 9, 2022
calibre-web is vulnerable to Business Logic Errors
Critical
CVE-2021-4171
was published
for
calibreweb
(pip)
Jan 21, 2022
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Critical
CVE-2021-21386
was published
for
APKLeaks
(pip)
Jan 21, 2022
Arbitrary expression injection in Pillow
Critical
CVE-2022-22817
was published
for
Pillow
(pip)
Jan 12, 2022
Gerapy < 0.9.8 may cause remote code execution
Critical
CVE-2021-43857
was published
for
gerapy
(pip)
Jan 6, 2022
Remote unauthenticated attackers able to upload files in Onionshare
Critical
CVE-2021-41868
was published
for
onionshare-cli
(pip)
Nov 19, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43572
was published
for
starkbank-ecdsa
(pip)
Nov 10, 2021
Incomplete validation in boosted trees code
Critical
CVE-2021-41208
was published
for
tensorflow
(pip)
Nov 10, 2021
XML External Entity vulnerability in Easy-XML
Critical
CVE-2020-26705
was published
for
easy-xml
(pip)
Nov 1, 2021
Improper Access Control in jupyterhub-firstuseauthenticator
Critical
CVE-2021-41194
was published
for
jupyterhub-firstuseauthenticator
(pip)
Oct 28, 2021
Remote code execution in dask
Critical
CVE-2021-42343
was published
for
distributed
(pip)
Oct 27, 2021
ProTip!
Advisories are also available from the
GraphQL API