GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,618 advisories

Cross-site scripting (XSS) vulnerability in the password reset endpoint Moderate
CVE-2021-21332 was published for matrix-synapse (pip) Mar 26, 2021
OMERO webclient does not validate URL redirects on login or switching group. Moderate
CVE-2021-21377 was published for omero-web (pip) Mar 23, 2021
lxml vulnerable to Cross-Site Scripting Moderate
CVE-2021-28957 was published for lxml (pip) Mar 22, 2021
Cross-site Scripting (XSS) in Django REST Framework Moderate
CVE-2020-25626 was published for djangorestframework (pip) Mar 19, 2021
Regular Expression Denial of Service (ReDoS) in Jinja2 Moderate
CVE-2020-28493 was published for jinja2 (pip) Mar 19, 2021
tdunlap607
Django Incorrect Default Permissions Moderate
CVE-2020-24584 was published for django (pip) Mar 18, 2021
sunSUNQ
Django Directory Traversal via archive.extract Moderate
CVE-2021-3281 was published for django (pip) Mar 18, 2021
Pillow Out-of-bounds Read Moderate
CVE-2020-35655 was published for pillow (pip) Mar 18, 2021
sunSUNQ
Execution of untrusted code through config file Moderate
CVE-2021-21371 was published for tenable-jira-cloud (pip) Mar 10, 2021
abhiabhi2306 v1dhun
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup Moderate
CVE-2021-21360 was published for Products.GenericSetup (pip) Mar 9, 2021
chutchut
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService Moderate
CVE-2021-21337 was published for Products.PluggableAuthService (pip) Mar 8, 2021
jugmac00 xoffense
Denial of service attack via .well-known lookups Moderate
CVE-2021-21274 was published for matrix-synapse (pip) Mar 1, 2021
mscherer
Open redirects on some federation and push requests Moderate
CVE-2021-21273 was published for matrix-synapse (pip) Feb 26, 2021
mscherer
Cross-Site Scripting Moderate
GHSA-94ww-22rx-493x was published for flower (pip) Feb 24, 2021 withdrawn
Cross-Site Scripting Moderate
GHSA-57h7-r3q3-w57j was published for djangorestframework (pip) Feb 24, 2021 withdrawn
Cross-site scripting in Bleach Moderate
CVE-2021-23980 was published for bleach (pip) Feb 2, 2021
Improper Verification of Cryptographic Signature in PySAML2 Moderate
CVE-2021-21239 was published for pysaml2 (pip) Jan 21, 2021
bawolff
SAML XML Signature wrapping in PySAML2 Moderate
CVE-2021-21238 was published for pysaml2 (pip) Jan 21, 2021
VictorSG
lxml vulnerable to Cross-site Scripting Moderate
CVE-2020-27783 was published for lxml (pip) Jan 7, 2021
Jupyter Server open redirect vulnerability Moderate
CVE-2020-26275 was published for jupyter-server (pip) Dec 21, 2020
Yaniv-git
SSRF vulnerability in Apache Airflow Moderate
CVE-2020-17513 was published for apache-airflow (pip) Dec 17, 2020
sunSUNQ
Heap out of bounds access in MakeEdge in TensorFlow Moderate
CVE-2020-26271 was published for tensorflow (pip) Dec 10, 2020
CHECK-fail in LSTM with zero-length input in TensorFlow Moderate
CVE-2020-26270 was published for tensorflow (pip) Dec 10, 2020
Write to immutable memory region in TensorFlow Moderate
CVE-2020-26268 was published for tensorflow (pip) Dec 10, 2020
ProTip! Advisories are also available from the GraphQL API