GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
286 advisories
Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible
Severity: Low. CVE-2020-1740 was published for ansible (pip) on Apr 7, 2021.

Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
Severity: Low. CVE-2020-10685 was published for ansible (pip) on Apr 7, 2021.

Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Severity: Low. CVE-2020-1739 was published for ansible (pip) on Apr 7, 2021.

Potential sensitive information disclosed in error reports
Severity: Low. CVE-2021-21416 was published for django-registration (pip) on Apr 6, 2021.

Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
Severity: Low. CVE-2021-21360 was published for Products.GenericSetup (pip) on Mar 9, 2021.

URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
Severity: Low. CVE-2021-21337 was published for Products.PluggableAuthService (pip) on Mar 8, 2021.

Open redirects on some federation and push requests
Severity: Low. CVE-2021-21273 was published for matrix-synapse (pip) on Feb 26, 2021.

`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)
Severity: Low. CVE-2021-21330 was published for aiohttp (pip) on Feb 26, 2021.

Regular Expression Denial of Service (REDoS) in httplib2
Severity: Low. CVE-2021-21240 was published for httplib2 (pip) on Feb 8, 2021.

Key Caching behavior in the DynamoDB Encryption Client.
Severity: Low. GHSA-4ph2-8337-hm62 was published for dynamodb-encryption-sdk (pip) on Feb 8, 2021.

SAML XML Signature wrapping in PySAML2
Severity: Low. CVE-2021-21238 was published for pysaml2 (pip) on Jan 21, 2021.

Heap out of bounds access in MakeEdge in TensorFlow
Severity: Low. CVE-2020-26271 was published for tensorflow (pip) on Dec 10, 2020.

CHECK-fail in LSTM with zero-length input in TensorFlow
Severity: Low. CVE-2020-26270 was published for tensorflow (pip) on Dec 10, 2020.

Write to immutable memory region in TensorFlow
Severity: Low. CVE-2020-26268 was published for tensorflow (pip) on Dec 10, 2020.

Lack of validation in data format attributes in TensorFlow
Severity: Low. CVE-2020-26267 was published for tensorflow (pip) on Dec 10, 2020.

Uninitialized memory access in TensorFlow
Severity: Low. CVE-2020-26266 was published for tensorflow (pip) on Dec 10, 2020.

UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Severity: Low. GHSA-47qg-q58v-7vrp was published for amundsen-frontend (pip) on Dec 2, 2020.

datasette-graphql leaks details of the schema of private database files
Severity: Low. GHSA-74hv-qjjq-h7g5 was published for datasette-graphql (pip) on Nov 24, 2020.

Float cast overflow undefined behavior
Severity: Low. CVE-2020-15266 was published for tensorflow (pip) on Nov 13, 2020.

Segfault in `tf.quantization.quantize_and_dequantize`
Severity: Low. CVE-2020-15265 was published for tensorflow (pip) on Nov 13, 2020.

CLI does not correctly implement strict mode
Severity: Low. GHSA-2xwp-m7mq-7q3r was published for aws-encryption-sdk-cli (pip) on Oct 28, 2020.

Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Severity: Low. CVE-2020-15239 was published for xmpp-http-upload (pip) on Oct 6, 2020.
ProTip! Advisories are also available from the GraphQL API.