GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,133; Erlang 29; GitHub Actions 19; Go 1,940; Maven 5,000+; npm 3,677; NuGet 645; pip 3,295; Pub 11; RubyGems 877; Rust 830; Swift 35.
Unreviewed advisories: All unreviewed 5,000+.

404 advisories
py7zr directory traversal vulnerability
Critical. CVE-2022-44900 was published for py7zr (pip) on Dec 6, 2022.

pwntools Server-Side Template Injection (SSTI) vulnerability
Critical. CVE-2020-28468 was published for pwntools (pip) on Apr 20, 2021.

Plone Unauthenticated Write Vulnerability
Critical. CVE-2020-7941 was published for Plone (pip) on May 24, 2022.

Incorrect Permission Assignment for Critical Resource in Plone
Critical. CVE-2021-33509 was published for Plone (pip) on Jun 15, 2021.

Improper Restriction of XML External Entity Reference in Quokka
Critical. CVE-2020-18705 was published for quokka (pip) on Aug 30, 2021.

Improper Restriction of XML External Entity Reference in Quokka
Critical. CVE-2020-18703 was published for quokka (pip) on Aug 30, 2021.

Radicale vulnerable to arbitrary file read or write
Critical. CVE-2015-8747 was published for Radicale (pip) on May 17, 2022.

PyYAML insecurely deserializes YAML strings leading to arbitrary code execution
Critical. CVE-2017-18342 was published for pyyaml (pip) on Jan 4, 2019.

python-jose failure to use a constant time comparison for HMAC keys
Critical. CVE-2016-7036 was published for python-jose (pip) on May 17, 2022.

Remote code execution in pytorch lightning
Critical. CVE-2024-5452 was published for lightning (pip) on Jun 6, 2024.

document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Critical. CVE-2024-37301 was published for document-merge-service (pip) on Jun 11, 2024.

Apache Spark vulnerable to Improper Privilege Management
Critical. CVE-2023-22946 was published for org.apache.spark:spark-core_2.12 (Maven) on Apr 17, 2023.

changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Critical. CVE-2024-32651 was published for changedetection.io (pip) on Oct 15, 2024.

Improper Authentication in Apache Spark
Critical. CVE-2020-9480 was published for org.apache.spark:spark-parent_2.11 (Maven) on Feb 10, 2022.

Plone Privilege Escalation Vulnerability
Critical. CVE-2011-0720 was published for Plone (pip) on May 17, 2022.

pipreqs vulnerable to Dependency Confusion
Critical. CVE-2023-31543 was published for pipreqs (pip) on Jun 30, 2023.

Arbitrary expression injection in Pillow
Critical. CVE-2022-22817 was published for Pillow (pip) on Jan 12, 2022.

Vyper has incorrectly allocated named re-entrancy locks
Critical. CVE-2023-39363 was published for vyper (pip) on Aug 9, 2023.

Searchor CLI's Search vulnerable to Arbitrary Code using Eval
Critical. CVE-2023-43364 was published for searchor (pip) on Sep 25, 2023.

piccolo SQL Injection via named transaction savepoints
Critical. CVE-2023-47128 was published for piccolo (pip) on Nov 12, 2023.
ProTip! Advisories are also available from the GraphQL API.