Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,039
Maven
5,000+
npm
4,779
NuGet
824
pip
4,380
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

136 advisories

Loading
DOS attack in Pillow when processing specially crafted image files High
CVE-2019-16865 was published for pillow (pip) Oct 22, 2019
sunSUNQ Credited to sunSUNQ
Django allows unintended model editing High
CVE-2019-19118 was published for Django (pip) Dec 4, 2019
sunSUNQ Credited to sunSUNQ
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application High
CVE-2020-5398 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
briandealwis Credited to briandealwis and sunSUNQ sunSUNQ sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10672 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
sunSUNQ Credited to sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11620 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
sunSUNQ Credited to sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11113 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ Credited to sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ Credited to sunSUNQ
Potential remote code execution in Apache Tomcat High
CVE-2020-9484 was published for org.apache.tomcat:tomcat-catalina (Maven) May 21, 2020
sunSUNQ Credited to sunSUNQ
SQL injection in Django High
CVE-2020-9402 was published for Django (pip) Jun 5, 2020
sunSUNQ Credited to sunSUNQ
Deserialization of Untrusted Data High
CVE-2018-12023 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 15, 2020
sunSUNQ Credited to sunSUNQ
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14195 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
sunSUNQ Credited to sunSUNQ
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14060 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
sunSUNQ Credited to sunSUNQ
Deserialization of Untrusted Data in jackson-databind High
CVE-2018-5968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 30, 2020
sunSUNQ Credited to sunSUNQ
Remote code execution (RCE) in Apache Airflow High
CVE-2020-11978 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ Credited to sunSUNQ
Out-of-bounds reads in Pillow High
CVE-2020-10177 was published for Pillow (pip) Jul 27, 2020
sunSUNQ Credited to sunSUNQ
Deserialization of untrusted data in jackson-databind High
CVE-2021-20190 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 20, 2021
sharonbz Credited to sharonbz and sunSUNQ sunSUNQ sunSUNQ
XML External Entity (XXE) Injection in Jackson Databind High
CVE-2020-25649 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Feb 18, 2021
yair-apiiro Credited to yair-apiiro and sunSUNQ sunSUNQ sunSUNQ
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27923 was published for pillow (pip) Mar 18, 2021
sunSUNQ Credited to sunSUNQ
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27921 was published for Pillow (pip) Mar 18, 2021
sunSUNQ Credited to sunSUNQ
Pillow Uncontrolled Resource Consumption High
CVE-2021-27922 was published for pillow (pip) Mar 18, 2021
sunSUNQ Credited to sunSUNQ
Pillow Out-of-bounds Write High
CVE-2020-35654 was published for Pillow (pip) Mar 18, 2021
sunSUNQ Credited to sunSUNQ
Out of bounds read in Pillow High
CVE-2021-25293 was published for Pillow (pip) Mar 29, 2021
sunSUNQ Credited to sunSUNQ
Out-of-bounds Write in Pillow High
CVE-2021-25290 was published for pillow (pip) Mar 29, 2021
sunSUNQ Credited to sunSUNQ
Out of bounds read in Pillow High
CVE-2021-25291 was published for Pillow (pip) Mar 29, 2021
tdunlap607 Credited to tdunlap607 and sunSUNQ sunSUNQ sunSUNQ
Improper Access Control in Apache Airflow High
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ Credited to sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database