Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,071
Erlang
29
GitHub Actions
19
Go
1,893
Maven
5,000+
npm
3,630
NuGet
638
pip
3,243
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,482 advisories

Loading
Malicious package may avoid detection in python auditing Moderate
CVE-2020-5252 was published for safety (pip) Mar 24, 2020
akoumjian G-Rath
Possible XSS attack in Wagtail Moderate
CVE-2020-11001 was published for wagtail (pip) Apr 14, 2020
SQL injection in Tortoise ORM Moderate
CVE-2020-11010 was published for tortoise-orm (pip) Apr 20, 2020
XSS in python-markdown2 Moderate
CVE-2020-11888 was published for markdown2 (pip) Apr 22, 2020
schinckel
XSS in Apache Airflow Moderate
CVE-2019-12398 was published for apache-airflow (pip) May 6, 2020
Potential Observable Timing Discrepancy in Wagtail Moderate
CVE-2020-11037 was published for wagtail (pip) May 7, 2020
thibaudcolas
Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory. Moderate
CVE-2018-21233 was published for tensorflow (pip) May 13, 2020
Data leakage via cache key collision in Django Moderate
CVE-2020-13254 was published for django (pip) Jun 5, 2020
tdunlap607
XSS in Django Moderate
CVE-2020-13596 was published for django (pip) Jun 5, 2020
tdunlap607
Directory traversal outside of SENDFILE_ROOT in django-sendfile2 Moderate
GHSA-6r3c-8xf3-ggrr was published for django-sendfile2 (pip) Jun 24, 2020
gipi moggers87
User passwords are stored in clear text in the Django session Moderate
CVE-2020-15105 was published for django-two-factor-auth (pip) Jul 10, 2020
nickcatal liewegas
benweissmann
Cross-Site Scripting in Wagtail Moderate
CVE-2020-15118 was published for wagtail (pip) Jul 20, 2020
acarasimon96
Possible pod name collisions in jupyterhub-kubespawner Moderate
CVE-2020-15110 was published for jupyterhub-kubespawner (pip) Jul 22, 2020
Multiple stored XSS in RBAC Admin screens in Apache Airflow Moderate
CVE-2020-11983 was published for apache-airflow (pip) Jul 27, 2020
Stored XSS in Apache Airflow Moderate
CVE-2020-9485 was published for apache-airflow (pip) Jul 27, 2020
Authorization Bypass in I hate money Moderate
CVE-2020-15120 was published for ihatemoney (pip) Jul 27, 2020
zorun
Out-of-bounds reads in Pillow Moderate
CVE-2020-10994 was published for Pillow (pip) Jul 27, 2020
Out-of-bounds reads in Pillow Moderate
CVE-2020-10177 was published for Pillow (pip) Jul 27, 2020
sunSUNQ
CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
Client Denial of Service on TUF Moderate
CVE-2020-6173 was published for tuf (pip) Aug 21, 2020
Heap Overflow in PyMiniRacer Moderate
CVE-2020-25489 was published for py-mini-racer (pip) Sep 18, 2020
Segfault in Tensorflow Moderate
CVE-2020-15190 was published for tensorflow (pip) Sep 25, 2020
Memory leak in Tensorflow Moderate
CVE-2020-15192 was published for tensorflow (pip) Sep 25, 2020
Denial of Service in Tensorflow Moderate
CVE-2020-15194 was published for tensorflow (pip) Sep 25, 2020
Heap buffer overflow in Tensorflow Moderate
CVE-2020-15198 was published for tensorflow (pip) Sep 25, 2020
ProTip! Advisories are also available from the GraphQL API