GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
270 advisories
Filter by severity
Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow
Low
CVE-2019-16778
was published
for
tensorflow
(pip)
Dec 16, 2019
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
Low
GHSA-mr6r-mvw4-736g
was published
for
vyper
(pip)
Mar 25, 2020
Incorrect Provision of Specified Functionality in qutebrowser
Low
CVE-2020-11054
was published
for
qutebrowser
(pip)
May 8, 2020
Timing attack on django-basic-auth-ip-whitelist
Low
CVE-2020-4071
was published
for
django-basic-auth-ip-whitelist
(pip)
Jun 23, 2020
Path Traversal in openapi-python-client
Low
CVE-2020-15141
was published
for
openapi-python-client
(pip)
Aug 20, 2020
personnummer/python vulnerable to Improper Input Validation
Low
GHSA-rxq3-5249-8hgg
was published
for
personnummer
(pip)
Sep 9, 2020
Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration
Low
GHSA-f366-4rvv-95x2
was published
for
cryptoauthlib
(pip)
Oct 2, 2020
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Low
CVE-2020-15239
was published
for
xmpp-http-upload
(pip)
Oct 6, 2020
CLI does not correctly implement strict mode
Low
GHSA-2xwp-m7mq-7q3r
was published
for
aws-encryption-sdk-cli
(pip)
Oct 28, 2020
Segfault in `tf.quantization.quantize_and_dequantize`
Low
CVE-2020-15265
was published
for
tensorflow
(pip)
Nov 13, 2020
Float cast overflow undefined behavior
Low
CVE-2020-15266
was published
for
tensorflow
(pip)
Nov 13, 2020
datasette-graphql leaks details of the schema of private database files
Low
GHSA-74hv-qjjq-h7g5
was published
for
datasette-graphql
(pip)
Nov 24, 2020
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Low
GHSA-47qg-q58v-7vrp
was published
for
amundsen-frontend
(pip)
Dec 2, 2020
Uninitialized memory access in TensorFlow
Low
CVE-2020-26266
was published
for
tensorflow
(pip)
Dec 10, 2020
Lack of validation in data format attributes in TensorFlow
Low
CVE-2020-26267
was published
for
tensorflow
(pip)
Dec 10, 2020
Write to immutable memory region in TensorFlow
Low
CVE-2020-26268
was published
for
tensorflow
(pip)
Dec 10, 2020
CHECK-fail in LSTM with zero-length input in TensorFlow
Low
CVE-2020-26270
was published
for
tensorflow
(pip)
Dec 10, 2020
Heap out of bounds access in MakeEdge in TensorFlow
Low
CVE-2020-26271
was published
for
tensorflow
(pip)
Dec 10, 2020
Apache Airflow logs passwords in plaintext
Low
CVE-2020-17511
was published
for
apache-airflow
(pip)
Dec 17, 2020
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-4ph2-8337-hm62
was published
for
dynamodb-encryption-sdk
(pip)
Feb 8, 2021
`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)
Low
CVE-2021-21330
was published
for
aiohttp
(pip)
Feb 26, 2021
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
Low
CVE-2021-21337
was published
for
Products.PluggableAuthService
(pip)
Mar 8, 2021
ProTip!
Advisories are also available from the
GraphQL API