GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,511 advisories

Integer overflow in pywin32 High
CVE-2021-32559 was published for pywin32 (pip) Aug 9, 2021
URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal High
CVE-2021-32806 was published for Products.isurlinportal (pip) Aug 5, 2021
Remote Code Execution via Script (Python) objects under Python 3 High
CVE-2021-32811 was published for Zope (pip) Aug 5, 2021
Storage corruption due to variables overwritten by re-entrancy locks High
GHSA-7f92-rr6w-cq64 was published for vyper (pip) Aug 5, 2021
pandadefi charles-cooper
iamdefinitelyahuman
XML2Dict XML Entity Expansion Vulnerability High
CVE-2021-25951 was published for XML2Dict (pip) Jul 2, 2021
Remote Code Execution via traversal in TAL expressions High
CVE-2021-32633 was published for Zope (pip) Jun 18, 2021
Server-Side Request Forgery in Plone High
CVE-2021-33511 was published for Plone (pip) Jun 15, 2021
Duplicate Advisory: Path Traversal in Zope High
GHSA-962m-m8jw-8wrr was published for Zope (pip) Jun 15, 2021 withdrawn
The Fuck Arbitrary File Deletion via Path Traversal High
CVE-2021-34363 was published for thefuck (pip) Jun 15, 2021
Observable Timing Discrepancy in aaugustin websockets library High
CVE-2021-33880 was published for websockets (pip) Jun 11, 2021
Duplicate Advisory: Reflected cross-site scripting issue in Datasette High
GHSA-gff3-739c-gxfq was published for datasette (pip) Jun 10, 2021 withdrawn
Duplicate Advisory: Path Traversal in Zope High
GHSA-5vq5-pg3r-9ph3 was published for Zope (pip) Jun 10, 2021 withdrawn
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks High
CVE-2021-33571 was published for Django (pip) Jun 10, 2021
tdunlap607
Cross-Site Request Forgery (CSRF) in FastAPI High
CVE-2021-32677 was published for fastapi (pip) Jun 10, 2021
b0g3r
Path Traversal in pip High
CVE-2019-20916 was published for pip (pip) Jun 9, 2021
Insufficient Session Expiration in OpenStack Keystone High
CVE-2020-12690 was published for keystone (pip) Jun 9, 2021
Uncontrolled Resource Consumption in Pillow High
CVE-2021-28677 was published for Pillow (pip) Jun 8, 2021
sunSUNQ
Pillow Out-of-bounds Read vulnerability High
CVE-2021-25288 was published for Pillow (pip) Jun 8, 2021
Pillow denial of service High
CVE-2021-28675 was published for Pillow (pip) Jun 8, 2021
Out-of-bounds Read in Pillow High
CVE-2021-25287 was published for Pillow (pip) Jun 8, 2021
Potential infinite loop in Pillow High
CVE-2021-28676 was published for Pillow (pip) Jun 8, 2021
tdunlap607
Remote Code Execution via traversal in TAL expressions High
CVE-2021-32674 was published for Zope (pip) Jun 8, 2021
django-celery-results Stores Sensitive Information In Cleartext High
CVE-2020-17495 was published for django-celery-results (pip) Jun 4, 2021
G-Rath
Path Traversal in Django High
CVE-2021-31542 was published for Django (pip) Jun 4, 2021
tdunlap607
markdown2 Regular Expression Denial of Service High
CVE-2021-26813 was published for markdown2 (pip) Jun 2, 2021