GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,061 advisories

Cross-site scripting in pywb Moderate
CVE-2021-39286 was published for pywb (pip) Sep 2, 2021
XML External Entity Injection in PyWPS High
CVE-2021-39371 was published for pywps (pip) Sep 2, 2021
Credited to tdunlap607
Command Injection in Simiki Critical
CVE-2020-19001 was published for simiki (pip) Sep 1, 2021
Cross Site Scripting (XSS) in Simiki Moderate
CVE-2020-19000 was published for simiki (pip) Sep 1, 2021
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner. Low
CVE-2021-39163 was published for matrix-synapse (pip) Sep 1, 2021
Credited to 0xkasper
Improper authorisation of members discloses room membership to non-members Low
CVE-2021-39164 was published for matrix-synapse (pip) Sep 1, 2021
Credited to 0xkasper
Missing Authorization in Apache Airflow Moderate
CVE-2021-35936 was published for apache-airflow (pip) Aug 30, 2021
Credited to sunSUNQ
Path Traversal in bikeshed Moderate
CVE-2021-23423 was published for bikeshed (pip) Aug 30, 2021
OS Command Injection in bikeshed High
CVE-2021-23422 was published for bikeshed (pip) Aug 30, 2021
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18705 was published for quokka (pip) Aug 30, 2021
Unrestricted Upload of File with Dangerous Type in django-widgy Critical
CVE-2020-18704 was published for django-widgy (pip) Aug 30, 2021
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18703 was published for quokka (pip) Aug 30, 2021
Cross Site Scripting (XSS) in Quokka Moderate
CVE-2020-18702 was published for quokka (pip) Aug 30, 2021
Code injection in nbgitpuller High
CVE-2021-39160 was published for nbgitpuller (pip) Aug 30, 2021
remote code execution via git repo provider Critical
CVE-2021-39159 was published for binderhub (pip) Aug 30, 2021
Credited to dreyercito and rccern
Memory access due to code generation flaw in Cranelift module High
CVE-2021-32629 was published for cranelift-codegen (pip) Aug 25, 2021
Potential memory corruption in arrayfire Critical
CVE-2018-20998 was published for arrayfire (pip) Aug 25, 2021
Credited to westonsteimel
Heap out of bounds access in sparse reduction operations High
CVE-2021-37635 was published for tensorflow (pip) Aug 25, 2021
Floating point exception in `SparseDenseCwiseDiv` Moderate
CVE-2021-37636 was published for tensorflow (pip) Aug 25, 2021
Null pointer dereference in `CompressElement` High
CVE-2021-37637 was published for tensorflow (pip) Aug 25, 2021
Null pointer dereference in `RaggedTensorToTensor` High
CVE-2021-37638 was published for tensorflow (pip) Aug 25, 2021
Null pointer dereference and heap OOB read in operations restoring tensors High
CVE-2021-37639 was published for tensorflow (pip) Aug 25, 2021
Integer division by 0 in sparse reshaping Moderate
CVE-2021-37640 was published for tensorflow (pip) Aug 25, 2021
Heap OOB in `RaggedGather` Moderate
CVE-2021-37641 was published for tensorflow (pip) Aug 25, 2021
Division by 0 in `ResourceScatterDiv` Moderate
CVE-2021-37642 was published for tensorflow (pip) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API