GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

399 advisories

Out of bounds write in Pillow Critical
CVE-2021-25289 was published for pillow (pip) Mar 29, 2021
sunSUNQ
Pillow Integer overflow in ImagingResampleHorizontal Critical
CVE-2016-4009 was published for pillow (pip) Jul 24, 2018
Buffer Copy without Checking Size of Input in Pillow Critical
CVE-2020-5311 was published for pillow (pip) May 24, 2022
Integer overflow in Pillow Critical
CVE-2020-5310 was published for pillow (pip) Nov 3, 2021
PCX P mode buffer overflow in Pillow Critical
CVE-2020-5312 was published for Pillow (pip) Nov 3, 2021
Inconsistent input sanitisation leads to XSS vectors Critical
CVE-2021-41132 was published for omero-figure (pip) Oct 14, 2021
Numpy Deserialization of Untrusted Data Critical
CVE-2019-6446 was published for numpy (pip) May 24, 2022
Ops CLI Deserialization of Untrusted Data vulnerability Critical
CVE-2021-40720 was published for ops-cli (pip) May 24, 2022
PaddlePaddle vulnerable to Code Injection Critical
CVE-2022-46742 was published for PaddlePaddle (pip) Dec 7, 2022
Unsafe deserialization in owlmixin Critical
CVE-2017-16618 was published for owlmixin (pip) Jul 13, 2018
Octobot mishandles Tentacles upload Critical
CVE-2021-36711 was published for OctoBot (pip) Jul 17, 2022
Improper Authorization and Origin Validation Error in OneFuzz Critical
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021
Nameko Arbitrary code execution due to YAML deserialization Critical
CVE-2021-41078 was published for nameko (pip) Oct 19, 2021
Insufficient Protection against HTTP Request Smuggling in mitmproxy Critical
CVE-2022-24766 was published for mitmproxy (pip) Mar 22, 2022
zeyu2001
Mitmweb in mitmproxy allows DNS Rebinding attacks Critical
CVE-2018-14505 was published for mitmproxy (pip) Jul 31, 2018
modoboa Cross-site Scripting vulnerability Critical
CVE-2023-5688 was published for modoboa (pip) Oct 20, 2023
Lacking Protection against HTTP Request Smuggling in mitmproxy Critical
CVE-2021-39214 was published for mitmproxy (pip) Sep 20, 2021
chinchila mhils
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs Critical
CVE-2023-1177 was published for mlflow (pip) Mar 24, 2023
AdaptiveScale LXDUI Hardcoded JWT Secret Key Critical
CVE-2021-40494 was published for lxdui (pip) May 24, 2022
Markdown-supplied Shell Command Execution Critical
CVE-2020-15271 was published for lookatme (pip) Oct 27, 2020
Improper Privilege Management in sap-xssec Critical
CVE-2023-50423 was published for sap-xssec (pip) Dec 13, 2023
rosenblueh
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection Critical
CVE-2024-37301 was published for document-merge-service (pip) Jun 11, 2024
c0rydoras
Duplicate Advisory: Privilege escalation in sap-xssec Critical
GHSA-p99h-pfg6-qrfg was published for sap-xssec (pip) Dec 12, 2023 withdrawn
Code-execution backdoor in marcador Critical
CVE-2022-28470 was published for marcador (pip) May 9, 2022
py-lmdb Invalid write operation Critical
CVE-2019-16225 was published for lmdb (pip) May 24, 2022