GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem:
All reviewed: 5,000+
Composer: 3,974
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,984
npm: 3,523
NuGet: 611
pip: 3,098
Pub: 10
RubyGems: 834
Rust: 784
Swift: 34

Unreviewed advisories:
All unreviewed: 5,000+
3,098 advisories

Heap Overflow in PyMiniRacer
Severity: Moderate. CVE-2020-25489 was published for py-mini-racer (pip) on Sep 18, 2020.

Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Severity: Low. CVE-2020-15239 was published for xmpp-http-upload (pip) on Oct 6, 2020.

user-readable api tokens in systemd units for JupyterHub
Severity: High. CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) on Dec 9, 2020.

UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Severity: Low. GHSA-47qg-q58v-7vrp was published for amundsen-frontend (pip) on Dec 2, 2020.

Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability
Severity: High. CVE-2020-26249 was published for red-dashboard (pip) on Dec 8, 2020.

CHECK-fail in LSTM with zero-length input in TensorFlow
Severity: Low. CVE-2020-26270 was published for tensorflow (pip) on Dec 10, 2020.

Open redirect in Jupyter Server
Severity: Moderate. CVE-2020-26232 was published for jupyter-server (pip) on Nov 24, 2020.

Authorization Bypass in I hate money
Severity: Moderate. CVE-2020-15120 was published for ihatemoney (pip) on Jul 27, 2020.

Key Caching behavior in the DynamoDB Encryption Client.
Severity: Low. GHSA-4ph2-8337-hm62 was published for dynamodb-encryption-sdk (pip) on Feb 8, 2021.

Write to immutable memory region in TensorFlow
Severity: Low. CVE-2020-26268 was published for tensorflow (pip) on Dec 10, 2020.

Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs
Severity: High. GHSA-r82c-j4mq-5xfw was published for bitlyshortener (pip) on Oct 27, 2020.

LDAP authentication bypass with empty password
Severity: High. CVE-2020-26214 was published for alerta-server (pip) on Nov 6, 2020.

Open redirect in Jupyter Notebook
Severity: Moderate. CVE-2020-26215 was published for notebook (pip) on Nov 18, 2020.

Uninitialized memory access in TensorFlow
Severity: Low. CVE-2020-26266 was published for tensorflow (pip) on Dec 10, 2020.

Heap out of bounds access in MakeEdge in TensorFlow
Severity: Low. CVE-2020-26271 was published for tensorflow (pip) on Dec 10, 2020.

Base class whitelist configuration ignored in OAuthenticator
Severity: High. CVE-2020-26250 was published for oauthenticator (pip) on Dec 1, 2020.

datasette-graphql leaks details of the schema of private database files
Severity: Low. GHSA-74hv-qjjq-h7g5 was published for datasette-graphql (pip) on Nov 24, 2020.

Cross-Site Request Forgery (CSRF) in Luigi
Severity: High. CVE-2018-1000843 was published for luigi (pip) on Dec 20, 2018.

Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration
Severity: Low. GHSA-f366-4rvv-95x2 was published for cryptoauthlib (pip) on Oct 2, 2020.

VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption
Severity: Low. GHSA-375m-5fvv-xq23 was published for vyper (pip) on Apr 19, 2021.

Arbitrary Code Execution in blazar-dashboard
Severity: Moderate. CVE-2020-26943 was published for blazar-dashboard (pip) on Oct 27, 2020.

CLI does not correctly implement strict mode
Severity: Low. GHSA-2xwp-m7mq-7q3r was published for aws-encryption-sdk-cli (pip) on Oct 28, 2020.

ProTip! Advisories are also available from the GraphQL API.