GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,618 advisories

Cross-site Scripting in django-cms Moderate
CVE-2021-44649 was published for django-cms (pip) Jan 13, 2022
Improper Initialization in Pillow Moderate
CVE-2022-22815 was published for Pillow (pip) Jan 12, 2022
sunSUNQ
Out-of-bounds Read in Pillow Moderate
CVE-2022-22816 was published for Pillow (pip) Jan 12, 2022
tdunlap607
Directory-traversal in Django Moderate
CVE-2021-45452 was published for Django (pip) Jan 12, 2022
tdunlap607
Path Traversal in nemo-toolkit Moderate
CVE-2022-22821 was published for nemo-toolkit (pip) Jan 11, 2022
NumPy Buffer Overflow (Disputed) Moderate
CVE-2021-33430 was published for numpy (pip) Jan 7, 2022
archivy is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4162 was published for archivy (pip) Jan 6, 2022
westonsteimel
Incorrect Comparison in NumPy Moderate
CVE-2021-34141 was published for numpy (pip) Dec 18, 2021
vault-cli contains possible RCE when reading user-defined data Moderate
CVE-2021-43837 was published for vault-cli (pip) Dec 16, 2021
ewjoachim
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through Moderate
CVE-2021-43818 was published for lxml (pip) Dec 13, 2021
pwntester
Potential bypass of an upstream access control based on URL paths in Django Moderate
CVE-2021-44420 was published for Django (pip) Dec 9, 2021
Permissions not properly checked in Invenio-Drafts-Resources Moderate
CVE-2021-43781 was published for invenio-app-rdm (pip) Dec 6, 2021
lnielsen
Cross-site Scripting in python-cjson Moderate
CVE-2009-4924 was published for python-cjson (pip) Dec 6, 2021
Cross-site Scripting in CKAN Moderate
CVE-2021-25967 was published for ckan (pip) Dec 3, 2021
Cross-site Scripting in django-wiki Moderate
CVE-2021-25986 was published for wiki (pip) Dec 2, 2021
Improper Neutralization of Formula Elements in a CSV File in html-2-csv Moderate
CVE-2021-23654 was published for html-to-csv (pip) Nov 30, 2021
KateCatlin
S3Scanner allows Directory Traversal Moderate
CVE-2021-32061 was published for s3scanner (pip) Nov 30, 2021
ReDoS in LDAP schema parser Moderate
GHSA-r8wq-qrxc-hmcm was published for python-ldap (pip) Nov 29, 2021
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40828 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Information disclosure vulnerability in OnionShare Moderate
CVE-2021-41867 was published for onionshare-cli (pip) Nov 19, 2021
Crash in `tf.math.segment_*` operations Moderate
CVE-2021-41195 was published for tensorflow (pip) Nov 10, 2021
Crash in `max_pool3d` when size argument is 0 or negative Moderate
CVE-2021-41196 was published for tensorflow (pip) Nov 10, 2021
Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes Moderate
CVE-2021-41197 was published for tensorflow (pip) Nov 10, 2021
Overflow/crash in `tf.tile` when tiling tensor is large Moderate
CVE-2021-41198 was published for tensorflow (pip) Nov 10, 2021
Overflow/crash in `tf.image.resize` when size is large Moderate
CVE-2021-41199 was published for tensorflow (pip) Nov 10, 2021
ProTip! Advisories are also available from the GraphQL API