GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
267 advisories
Filter by severity
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
Low
CVE-2018-7537
was published
for
django
(pip)
Jan 4, 2019
Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow
Low
CVE-2019-16778
was published
for
tensorflow
(pip)
Dec 16, 2019
Segmentation faultin TensorFlow when converting a Python string to `tf.float16`
Low
CVE-2020-5215
was published
for
tensorflow
(pip)
Jan 28, 2020
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
Low
GHSA-mr6r-mvw4-736g
was published
for
vyper
(pip)
Mar 25, 2020
Incorrect Provision of Specified Functionality in qutebrowser
Low
CVE-2020-11054
was published
for
qutebrowser
(pip)
May 8, 2020
Path Traversal in openapi-python-client
Low
CVE-2020-15141
was published
for
openapi-python-client
(pip)
Aug 20, 2020
personnummer/python vulnerable to Improper Input Validation
Low
GHSA-rxq3-5249-8hgg
was published
for
personnummer
(pip)
Sep 9, 2020
Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration
Low
GHSA-f366-4rvv-95x2
was published
for
cryptoauthlib
(pip)
Oct 2, 2020
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Low
CVE-2020-15239
was published
for
xmpp-http-upload
(pip)
Oct 6, 2020
CLI does not correctly implement strict mode
Low
GHSA-2xwp-m7mq-7q3r
was published
for
aws-encryption-sdk-cli
(pip)
Oct 28, 2020
datasette-graphql leaks details of the schema of private database files
Low
GHSA-74hv-qjjq-h7g5
was published
for
datasette-graphql
(pip)
Nov 24, 2020
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Low
GHSA-47qg-q58v-7vrp
was published
for
amundsen-frontend
(pip)
Dec 2, 2020
Lack of validation in data format attributes in TensorFlow
Low
CVE-2020-26267
was published
for
tensorflow
(pip)
Dec 10, 2020
Apache Airflow logs passwords in plaintext
Low
CVE-2020-17511
was published
for
apache-airflow
(pip)
Dec 17, 2020
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-4ph2-8337-hm62
was published
for
dynamodb-encryption-sdk
(pip)
Feb 8, 2021
`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)
Low
CVE-2021-21330
was published
for
aiohttp
(pip)
Feb 26, 2021
Potential sensitive information disclosed in error reports
Low
CVE-2021-21416
was published
for
django-registration
(pip)
Apr 6, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Low
CVE-2020-1739
was published
for
ansible
(pip)
Apr 7, 2021
CSRF Vuln can expose user's QRcode
Low
GHSA-fxq4-r6mr-9x64
was published
for
Flask-Security-Too
(pip)
Apr 8, 2021
VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption
Low
GHSA-375m-5fvv-xq23
was published
for
vyper
(pip)
Apr 19, 2021
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File
Low
CVE-2020-1733
was published
for
ansible
(pip)
Apr 20, 2021
Open Redirect in Flask-Security-Too
Low
CVE-2021-32618
was published
for
Flask-Security-Too
(pip)
May 17, 2021
ProTip!
Advisories are also available from the
GraphQL API