GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
399 advisories
Pillow Integer overflow in ImagingResampleHorizontal [Critical]: CVE-2016-4009 was published for pillow (pip) on Jul 24, 2018.
Buffer Copy without Checking Size of Input in Pillow [Critical]: CVE-2020-5311 was published for pillow (pip) on May 24, 2022.
PCX P mode buffer overflow in Pillow [Critical]: CVE-2020-5312 was published for Pillow (pip) on Nov 3, 2021.
Inconsistent input sanitisation leads to XSS vectors [Critical]: CVE-2021-41132 was published for omero-figure (pip) on Oct 14, 2021.
Numpy Deserialization of Untrusted Data [Critical]: CVE-2019-6446 was published for numpy (pip) on May 24, 2022.
Ops CLI Deserialization of Untrusted Data vulnerability [Critical]: CVE-2021-40720 was published for ops-cli (pip) on May 24, 2022.
PaddlePaddle vulnerable to Code Injection [Critical]: CVE-2022-46742 was published for PaddlePaddle (pip) on Dec 7, 2022.
Unsafe deserialization in owlmixin [Critical]: CVE-2017-16618 was published for owlmixin (pip) on Jul 13, 2018.
Octobot mishandles Tentacles upload [Critical]: CVE-2021-36711 was published for OctoBot (pip) on Jul 17, 2022.
Improper Authorization and Origin Validation Error in OneFuzz [Critical]: CVE-2021-37705 was published for onefuzz (pip) on Aug 13, 2021.
Nameko Arbitrary code execution due to YAML deserialization [Critical]: CVE-2021-41078 was published for nameko (pip) on Oct 19, 2021.
Insufficient Protection against HTTP Request Smuggling in mitmproxy [Critical]: CVE-2022-24766 was published for mitmproxy (pip) on Mar 22, 2022.
Mitmweb in mitmproxy allows DNS Rebinding attacks [Critical]: CVE-2018-14505 was published for mitmproxy (pip) on Jul 31, 2018.
modoboa Cross-site Scripting vulnerability [Critical]: CVE-2023-5688 was published for modoboa (pip) on Oct 20, 2023.
Lacking Protection against HTTP Request Smuggling in mitmproxy [Critical]: CVE-2021-39214 was published for mitmproxy (pip) on Sep 20, 2021.
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs [Critical]: CVE-2023-1177 was published for mlflow (pip) on Mar 24, 2023.
AdaptiveScale LXDUI Hardcoded JWT Secret Key [Critical]: CVE-2021-40494 was published for lxdui (pip) on May 24, 2022.
Markdown-supplied Shell Command Execution [Critical]: CVE-2020-15271 was published for lookatme (pip) on Oct 27, 2020.
Improper Privilege Management in sap-xssec [Critical]: CVE-2023-50423 was published for sap-xssec (pip) on Dec 13, 2023.
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection [Critical]: CVE-2024-37301 was published for document-merge-service (pip) on Jun 11, 2024.
Duplicate Advisory: Privilege escalation in sap-xssec [Critical]: GHSA-p99h-pfg6-qrfg was published for sap-xssec (pip) on Dec 12, 2023 (withdrawn).
Code-execution backdoor in marcador [Critical]: CVE-2022-28470 was published for marcador (pip) on May 9, 2022.
Advisories are also available from the GraphQL API.