Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

134 advisories

Loading
DOS attack in Pillow when processing specially crafted image files High
CVE-2019-16865 was published for pillow (pip) Oct 22, 2019
sunSUNQ
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application High
CVE-2020-5398 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
briandealwis sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10672 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11620 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11113 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ
Potential remote code execution in Apache Tomcat High
CVE-2020-9484 was published for org.apache.tomcat:tomcat-catalina (Maven) May 21, 2020
sunSUNQ
SQL injection in Django High
CVE-2020-9402 was published for Django (pip) Jun 5, 2020
sunSUNQ
Deserialization of Untrusted Data High
CVE-2018-12023 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 15, 2020
sunSUNQ
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14195 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
sunSUNQ
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14060 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
sunSUNQ
Deserialization of Untrusted Data in jackson-databind High
CVE-2018-5968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 30, 2020
sunSUNQ
Remote code execution (RCE) in Apache Airflow High
CVE-2020-11978 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Deserialization of untrusted data in jackson-databind High
CVE-2021-20190 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 20, 2021
sharonbz sunSUNQ
XML External Entity (XXE) Injection in Jackson Databind High
CVE-2020-25649 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Feb 18, 2021
yair-apiiro sunSUNQ
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27923 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27921 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
Pillow Uncontrolled Resource Consumption High
CVE-2021-27922 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
Pillow Out-of-bounds Write High
CVE-2020-35654 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
Django Incorrect Default Permissions High
CVE-2020-24584 was published for django (pip) Mar 18, 2021
sunSUNQ
Out of bounds write in Pillow High
CVE-2021-25289 was published for Pillow (pip) Mar 29, 2021
sunSUNQ
Out of bounds read in Pillow High
CVE-2021-25293 was published for Pillow (pip) Mar 29, 2021
sunSUNQ
Out-of-bounds Write in Pillow High
CVE-2021-25290 was published for Pillow (pip) Mar 29, 2021
sunSUNQ
Out of bounds read in Pillow High
CVE-2021-25291 was published for Pillow (pip) Mar 29, 2021
tdunlap607 sunSUNQ
Incorrect Session Validation in Apache Airflow High
CVE-2020-17526 was published for apache-airflow (pip) Apr 20, 2021
sunSUNQ
ProTip! Advisories are also available from the GraphQL API