Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,511
Maven
5,000+
npm
4,149
NuGet
736
pip
3,949
Pub
12
RubyGems
946
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,511 advisories

Loading
Command Injection in Nuitka High
CVE-2022-2054 was published for Nuitka (pip) Jun 13, 2022
Cross Site Scripting vulnerability in django-jsonform's admin form. High
GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) Jun 10, 2022
Multiple evaluation of contract address in call in vyper High
CVE-2022-29255 was published for vyper (pip) Jun 6, 2022
Flower OAuth authentication bypass High
CVE-2022-30034 was published for flower (pip) Jun 3, 2022
tprynn
Uncaught Exception (due to a data race) leads to process termination in Waitress High
CVE-2022-31015 was published for waitress (pip) Jun 2, 2022
oakkitten
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
Buffer over-flow in Pillow High
CVE-2022-30595 was published for Pillow (pip) May 26, 2022
sunSUNQ
Ansible Exposes Sensitive Information High
CVE-2021-20228 was published for ansible (pip) May 25, 2022
Apache Superset OS Command Injection High
CVE-2020-13948 was published for apache-superset (pip) May 24, 2022
Key confusion through non-blocklisted public key formats High
CVE-2022-29217 was published for pyjwt (pip) May 24, 2022
aapooksman
Code injection in `saved_model_cli` in TensorFlow High
CVE-2022-29216 was published for tensorflow (pip) May 24, 2022
Segfault and OOB write due to incomplete validation in `EditDistance` in TensorFlow High
CVE-2022-29208 was published for tensorflow (pip) May 24, 2022
Improper Verification of Cryptographic Signature in matrix-synapse High
CVE-2019-18835 was published for matrix-synapse (pip) May 24, 2022
westonsteimel
Improper Authentication in pip High
CVE-2013-5123 was published for pip (pip) May 24, 2022
Asterix Heap-based Buffer Overflow High
CVE-2021-44144 was published for asterix_decoder (pip) May 24, 2022
Improper Encoding or Escaping of Output in Apache Superset High
CVE-2021-42250 was published for apache-superset (pip) May 24, 2022
Apache Superset allowed for database connections password leak for authenticated users High
CVE-2021-41972 was published for apache-superset (pip) May 24, 2022
Apache Superset SQL Injection when template processing is enabled High
CVE-2021-41971 was published for apache-superset (pip) May 24, 2022
furlongm openvpn-monitor command injection High
CVE-2021-31605 was published for openvpn-monitor (pip) May 24, 2022
furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients High
CVE-2021-31606 was published for openvpn-monitor (pip) May 24, 2022
LIEF heap-buffer-overflow High
CVE-2021-32297 was published for lief (pip) May 24, 2022
Improper Authentication in SaltStack Salt High
CVE-2021-22004 was published for salt (pip) May 24, 2022
OpenStack Neutron Denial of Service vulnerability High
CVE-2021-40797 was published for neutron (pip) May 24, 2022
OpenStack Neutron vulnerable to authenticated attackers reconfiguring dnsmasq via crafted extra_dhcp_opts value High
CVE-2021-40085 was published for neutron (pip) May 24, 2022
OpenStack Neutron vulnerable to hardware address impersonation High
CVE-2021-38598 was published for neutron (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database