Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,511 advisories

Loading
Exposure of sensitive information to an unauthorized actor in HyperKitty High
CVE-2021-33038 was published for HyperKitty (pip) Jun 1, 2021
westonsteimel
Insertion of Sensitive Information into Log File in ansible High
CVE-2021-20178 was published for ansible (pip) Jun 1, 2021
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters High
CVE-2021-33503 was published for urllib3 (pip) Jun 1, 2021
NariyoshiChida ap-wtioit
Stack overflow due to looping TFLite subgraph High
CVE-2021-29591 was published for tensorflow (pip) May 21, 2021
Flask-Cors Directory Traversal vulnerability High
CVE-2020-25032 was published for Flask-Cors (pip) May 6, 2021
Unauthorized access through URL manipulation High
GHSA-qrmm-w4v4-q7f8 was published for docassemble (pip) May 6, 2021
jimmio
Timing attacks in python-rsa High
CVE-2020-25658 was published for rsa (pip) Apr 30, 2021
Plaintext password leak in Apache Superset High
CVE-2020-13952 was published for apache-superset (pip) Apr 30, 2021
Uncontrolled Resource Consumption in urllib3 High
CVE-2020-7212 was published for urllib3 (pip) Apr 30, 2021
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible High
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
OS Command Injection and Improper Input Validation in ansible High
CVE-2019-14904 was published for ansible (pip) Apr 20, 2021
Path Traversal in Ansible High
CVE-2020-1737 was published for ansible (pip) Apr 20, 2021
Incorrect Session Validation in Apache Airflow High
CVE-2020-17526 was published for apache-airflow (pip) Apr 20, 2021
sunSUNQ
py vulnerable to Regular Expression Denial of Service High
CVE-2020-29651 was published for py (pip) Apr 20, 2021
Infinite Loop in Pygments High
CVE-2021-20270 was published for Pygments (pip) Apr 20, 2021
Improper Restriction of XML External Entity Reference in pikepdf High
CVE-2021-29421 was published for pikepdf (pip) Apr 20, 2021
Improper Certificate Validation in blackduck High
CVE-2020-27589 was published for blackduck (pip) Apr 20, 2021
Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields High
CVE-2021-29434 was published for wagtail (pip) Apr 20, 2021
kevthehermit gasman
tdunlap607
Sydent vulnerable to denial of service attack via memory exhaustion High
CVE-2021-29430 was published for matrix-sydent (pip) Apr 19, 2021
SQL Injection via in django-debug-toolbar High
CVE-2021-30459 was published for django-debug-toolbar (pip) Apr 16, 2021
alex
Open redirect via transitional IPv6 addresses on dual-stack networks High
CVE-2021-21392 was published for matrix-synapse (pip) Apr 13, 2021
mscherer
Improper Input Validation in sopel-plugins.channelmgnt High
CVE-2021-21431 was published for sopel-plugins.channelmgnt (pip) Apr 9, 2021
Indico Tampering with links (e.g. password reset) in sent emails High
CVE-2021-30185 was published for indico (pip) Apr 8, 2021
Improper Restriction of XML External Entity Reference in Plone High
CVE-2020-28736 was published for Plone (pip) Apr 7, 2021
SSRF attacks via tracebacks in Plone High
CVE-2020-28735 was published for Plone (pip) Apr 7, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database