GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,566 advisories

Memory corruption in Tensorflow High
CVE-2020-15193 was published for tensorflow (pip) Sep 25, 2020
Denial of Service in Tensorflow High
CVE-2020-15199 was published for tensorflow (pip) Sep 25, 2020
Heap Overflow in PyMiniRacer High
CVE-2020-25489 was published for py-mini-racer (pip) Sep 18, 2020
Remote Code Execution in Red Discord Bot High
CVE-2020-15147 was published for Red-DiscordBot (pip) Aug 21, 2020
Credited to Jackenmen
openapi-python-client Arbitrary Code Generation vulnerability High
CVE-2020-15142 was published for openapi-python-client (pip) Aug 20, 2020
Credited to emann, dtkav, dbanty, and westonsteimel
HTTP response splitting in uvicorn High
CVE-2020-7695 was published for uvicorn (pip) Jul 29, 2020
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
Credited to tdunlap607
Out-of-bounds reads in Pillow High
CVE-2020-10177 was published for Pillow (pip) Jul 27, 2020
Credited to sunSUNQ
Buffer overflow in Pillow High
CVE-2020-10379 was published for Pillow (pip) Jul 27, 2020
Out-of-bounds reads in Pillow High
CVE-2020-10994 was published for Pillow (pip) Jul 27, 2020
Remote code execution (RCE) in Apache Airflow High
CVE-2020-11978 was published for apache-airflow (pip) Jul 27, 2020
Credited to sunSUNQ
Possible pod name collisions in jupyterhub-kubespawner High
CVE-2020-15110 was published for jupyterhub-kubespawner (pip) Jul 22, 2020
Cross-Site Scripting in Wagtail High
CVE-2020-15118 was published for wagtail (pip) Jul 20, 2020
Credited to acarasimon96
Data leakage via cache key collision in Django High
CVE-2020-13254 was published for Django (pip) Jun 5, 2020
Credited to tdunlap607
django-nopassword stores secrets in cleartext High
CVE-2019-10682 was published for django-nopassword (pip) Jun 5, 2020
SQL injection in Django High
CVE-2020-9402 was published for Django (pip) Jun 5, 2020
Credited to sunSUNQ
Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory. High
CVE-2018-21233 was published for tensorflow (pip) May 13, 2020
Improper Verification of Cryptographic Signature in PySAML2 High
CVE-2020-5390 was published for pysaml2 (pip) May 6, 2020
Depth counting error in guard() leading to multiple potential security issues in aioxmpp High
CVE-2019-1000007 was published for aioxmpp (pip) Apr 29, 2020
Uncontrolled Resource Consumption in Pillow High
CVE-2019-19911 was published for pillow (pip) Apr 1, 2020
Out-of-bounds Read in Pillow High
CVE-2020-5313 was published for Pillow (pip) Apr 1, 2020
regular expression denial-of-service (ReDoS) in Bleach High
CVE-2020-6817 was published for bleach (pip) Mar 30, 2020
Double Free in psutil High
CVE-2019-18874 was published for psutil (pip) Mar 12, 2020
Improper Access Control in novajoin High
CVE-2019-10138 was published for novajoin (pip) Mar 12, 2020
Incorrect Default Permissions in keyring High
CVE-2012-5577 was published for keyring (pip) Mar 11, 2020