Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,511 advisories

Loading
Cross-site Scripting in django-helpdesk High
CVE-2021-3950 was published for django-helpdesk (pip) Nov 23, 2021
Exposure of Resource to Wrong Sphere in salt High
CVE-2021-21996 was published for salt (pip) Nov 21, 2021
Cross-site Scripting in django-helpdesk High
CVE-2021-3945 was published for django-helpdesk (pip) Nov 15, 2021
Improper Input Validation in pip High
CVE-2021-3572 was published for pip (pip) Nov 15, 2021
Unitialized access in `EinsumHelper::ParseEquation` High
CVE-2021-41201 was published for tensorflow (pip) Nov 10, 2021
Missing validation during checkpoint loading High
CVE-2021-41203 was published for tensorflow (pip) Nov 10, 2021
Incomplete validation of shapes in multiple TF ops High
CVE-2021-41206 was published for tensorflow (pip) Nov 10, 2021
Heap OOB read in `tf.raw_ops.SparseCountSparseOutput` High
CVE-2021-41210 was published for tensorflow (pip) Nov 10, 2021
Heap OOB in shape inference for `QuantizeV2` High
CVE-2021-41211 was published for tensorflow (pip) Nov 10, 2021
Heap OOB read in `tf.ragged.cross` High
CVE-2021-41212 was published for tensorflow (pip) Nov 10, 2021
Reference binding to `nullptr` in `tf.ragged.cross` High
CVE-2021-41214 was published for tensorflow (pip) Nov 10, 2021
Undefined behavior via `nullptr` reference binding in sparse matrix multiplication High
CVE-2021-41219 was published for tensorflow (pip) Nov 10, 2021
Use after free / memory leak in `CollectiveReduceV2` High
CVE-2021-41220 was published for tensorflow (pip) Nov 10, 2021
Access to invalid memory during shape inference in `Cudnn*` ops High
CVE-2021-41221 was published for tensorflow (pip) Nov 10, 2021
Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607
Out-of-bounds read in Pillow High
CVE-2020-10378 was published for Pillow (pip) Nov 3, 2021
sunSUNQ
Antilles Dependency Confusion Vulnerability High
CVE-2021-3840 was published for antilles-tools (pip) Nov 3, 2021
XML External Entity vulnerability in Easy-XML High
CVE-2020-26705 was published for easy-xml (pip) Nov 1, 2021
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui High
GHSA-v988-828w-xvf2 was published for rucio-webui (pip) Oct 22, 2021
tdunlap607
Arbitrary command execution on Windows via qutebrowserurl: URL handler High
CVE-2021-41146 was published for qutebrowser (pip) Oct 22, 2021
Maliciously Crafted Model Archive Can Lead To Arbitrary File Write High
CVE-2021-41127 was published for rasa (pip) Oct 22, 2021
Directory Traversal in Babel High
CVE-2021-42771 was published for babel (pip) Oct 21, 2021
Policies not properly enforced in bluemonday High
CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) Oct 19, 2021
Out-of-bounds Write in OpenCV High
CVE-2019-5064 was published for opencv-contrib-python (pip) Oct 12, 2021
harlekeyn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database