Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,511 advisories

Loading
Denial of Service in Onionshare High
CVE-2022-21689 was published for onionshare-cli (pip) Jan 21, 2022
Execution with Unnecessary Privileges in ipython High
CVE-2022-21699 was published for ipython (pip) Jan 21, 2022
mlucool quarl
Pipenv's requirements.txt parsing allows malicious index url in comments High
CVE-2022-21668 was published for pipenv (pip) Jan 12, 2022
milo-minderbinder
dnslib has DNS reply verification issue High
CVE-2022-22846 was published for dnslib (pip) Jan 12, 2022
Information disclosure in Django High
CVE-2021-45116 was published for Django (pip) Jan 12, 2022
tdunlap607
Denial-of-service in Django High
CVE-2021-45115 was published for Django (pip) Jan 12, 2022
sunSUNQ
Classic Buffer Overflow in pyo High
CVE-2021-41499 was published for pyo (pip) Jan 7, 2022
Incorrect Comparison in cvxopt High
CVE-2021-41500 was published for cvxopt (pip) Jan 7, 2022
pytorch-lightning is vulnerable to Deserialization of Untrusted Data High
CVE-2021-4118 was published for pytorch-lightning (pip) Jan 6, 2022
akihironitta
An authenticated user can execute arbitrary command in Gerapy High
CVE-2021-32849 was published for gerapy (pip) Jan 6, 2022
NLTK Vulnerable to REDoS High
CVE-2021-3842 was published for nltk (pip) Jan 6, 2022
OS Command Injection in celery High
CVE-2021-23727 was published for celery (pip) Jan 6, 2022
Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize) High
CVE-2021-43854 was published for nltk (pip) Jan 6, 2022
tomaarsen raffienficiaud
bounter Null pointer reference High
CVE-2021-41497 was published for bounter (pip) Dec 18, 2021
Pyo Buffer Overflow Vulnerability High
CVE-2021-41498 was published for pyo (pip) Dec 18, 2021
Cross Site Request Forgery in mailman High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
Improper Authentication in Flask-AppBuilder High
CVE-2021-41265 was published for Flask-AppBuilder (pip) Dec 9, 2021
Code injection via unsafe YAML loading High
CVE-2021-43811 was published for sockeye (pip) Dec 9, 2021
APM Java Agent Local Privilege Escalation High
CVE-2021-37941 was published for elastic-apm (pip) Dec 9, 2021
Code injection in FreeIPA High
CVE-2019-14867 was published for freeipa (pip) Dec 6, 2021
django-helpdesk is vulnerable to Cross-site Scripting High
CVE-2021-3994 was published for django-helpdesk (pip) Dec 3, 2021
Improper certificate management in AWS IoT Device SDK v2 High
CVE-2021-40830 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 High
CVE-2021-40829 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 High
CVE-2021-40831 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Path traversal in Matrix Synapse High
CVE-2021-41281 was published for matrix-synapse (pip) Nov 23, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database