GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
268 advisories
Filter by severity
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-4ph2-8337-hm62
was published
for
dynamodb-encryption-sdk
(pip)
Feb 8, 2021
Apache Airflow logs passwords in plaintext
Low
CVE-2020-17511
was published
for
apache-airflow
(pip)
Dec 17, 2020
Lack of validation in data format attributes in TensorFlow
Low
CVE-2020-26267
was published
for
tensorflow
(pip)
Dec 10, 2020
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Low
GHSA-47qg-q58v-7vrp
was published
for
amundsen-frontend
(pip)
Dec 2, 2020
datasette-graphql leaks details of the schema of private database files
Low
GHSA-74hv-qjjq-h7g5
was published
for
datasette-graphql
(pip)
Nov 24, 2020
CLI does not correctly implement strict mode
Low
GHSA-2xwp-m7mq-7q3r
was published
for
aws-encryption-sdk-cli
(pip)
Oct 28, 2020
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Low
CVE-2020-15239
was published
for
xmpp-http-upload
(pip)
Oct 6, 2020
Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration
Low
GHSA-f366-4rvv-95x2
was published
for
cryptoauthlib
(pip)
Oct 2, 2020
personnummer/python vulnerable to Improper Input Validation
Low
GHSA-rxq3-5249-8hgg
was published
for
personnummer
(pip)
Sep 9, 2020
Path Traversal in openapi-python-client
Low
CVE-2020-15141
was published
for
openapi-python-client
(pip)
Aug 20, 2020
Incorrect Provision of Specified Functionality in qutebrowser
Low
CVE-2020-11054
was published
for
qutebrowser
(pip)
May 8, 2020
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
Low
GHSA-mr6r-mvw4-736g
was published
for
vyper
(pip)
Mar 25, 2020
Segmentation faultin TensorFlow when converting a Python string to `tf.float16`
Low
CVE-2020-5215
was published
for
tensorflow
(pip)
Jan 28, 2020
Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow
Low
CVE-2019-16778
was published
for
tensorflow
(pip)
Dec 16, 2019
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
Low
CVE-2018-7537
was published
for
django
(pip)
Jan 4, 2019
ProTip!
Advisories are also available from the
GraphQL API