Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5,050 advisories

Loading
Pillow Uncontrolled Resource Consumption High
CVE-2021-27922 was published for pillow (pip) Mar 18, 2021
sunSUNQ
Credited to sunSUNQ
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27921 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
Credited to sunSUNQ
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27923 was published for pillow (pip) Mar 18, 2021
sunSUNQ
Credited to sunSUNQ
Improper Input Validation (RCE) High
CVE-2021-26814 was published for wazuh (npm) Mar 18, 2021
URIjs Hostname spoofing via backslashes in URL High
CVE-2021-27516 was published for urijs (npm) Mar 1, 2021
Yaniv-git
Credited to Yaniv-git
Denial of Service in i18n High
CVE-2020-7791 was published for i18n (NuGet) Dec 14, 2020
Denial of service attack due to invalid JSON High
CVE-2020-26890 was published for matrix-synapse (pip) Nov 24, 2020
dkasak
Credited to dkasak
Vulnerability in RPKI manifest validation High
GHSA-q76j-58cx-wp5v was published for net.ripe.rpki:rpki-validator-3 (Maven) Nov 13, 2020
Prototype pollution in object-path High
CVE-2020-15256 was published for object-path (npm) Oct 19, 2020
alromh87 JamieSlome
Asjidkalam huntr-helper
Credited to alromh87, JamieSlome, Asjidkalam, and huntr-helper
Unpreventable top-level navigation High
CVE-2020-15174 was published for electron (npm) Oct 6, 2020
masatokinugawa
Credited to masatokinugawa
Potential access control security issue in apollo-adminservice High
CVE-2020-15170 was published for com.ctrip.framework.apollo:apollo-core (Maven) Oct 2, 2020
File restriction bypass in socket.io-file High
GHSA-6495-8jvh-f28x was published for socket.io-file (npm) Oct 2, 2020
Segmentation fault in tensorflow-lite High
CVE-2020-15210 was published for tensorflow (pip) Sep 25, 2020
Denial of Service in Tensorflow High
CVE-2020-15206 was published for tensorflow (pip) Sep 25, 2020
Denial of Service in Tensorflow High
CVE-2020-15203 was published for tensorflow (pip) Sep 25, 2020
Segfault in Tensorflow High
CVE-2020-15200 was published for tensorflow (pip) Sep 25, 2020
Denial of Service in Tensorflow High
CVE-2020-15199 was published for tensorflow (pip) Sep 25, 2020
Remote Code Execution in next High
GHSA-5vj8-3v2h-h38v was published for next (npm) Sep 4, 2020
medikoo
Credited to medikoo
Remote Code Execution in pi_video_recording High
GHSA-9wjh-jr2j-6r4x was published for pi_video_recording (npm) Sep 2, 2020
Remote Code Execution in office-converter High
GHSA-9p64-h5q4-phpm was published for office-converter (npm) Sep 2, 2020
Remote Code Execution in pomelo-monitor High
GHSA-m5ch-gx8g-rg73 was published for pomelo-monitor (npm) Sep 2, 2020
Moped Rubygem Data Injection Vulnerability High
CVE-2015-4410 was published for moped (RubyGems) Aug 19, 2020
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS High
CVE-2020-15099 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Credited to ohader
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Credited to ohader
Unsafe object creation in json RubyGem High
CVE-2020-10663 was published for json (RubyGems) Jul 27, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database