GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
349 advisories
Filter by severity
Regular Expression Denial of Service (ReDoS) in Pillow
Moderate
CVE-2021-25292
was published
for
Pillow
(pip)
Mar 29, 2021
Improper Access Control in Apache Airflow
High
CVE-2021-26559
was published
for
apache-airflow
(pip)
Apr 7, 2021
Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944
Moderate
CVE-2020-17515
was published
for
apache-airflow
(pip)
Apr 20, 2021
Incorrect Session Validation in Apache Airflow
High
CVE-2020-17526
was published
for
apache-airflow
(pip)
Apr 20, 2021
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
Information Disclosure in Apache Tomcat
Moderate
CVE-2021-24122
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2021
Uncontrolled Resource Consumption in Pillow
High
CVE-2021-28677
was published
for
Pillow
(pip)
Jun 8, 2021
Improper Authentication in Apache ActiveMQ and Apache Artemis
High
CVE-2021-26117
was published
for
org.apache.activemq:activemq-parent
(Maven)
Jun 16, 2021
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Cross-site Scripting in Apache Airflow
Moderate
CVE-2021-28359
was published
for
apache-airflow
(pip)
Jun 18, 2021
HTTP Request Smuggling in Apache Tomcat
Moderate
CVE-2021-33037
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
Missing Authorization in Apache Airflow
Moderate
CVE-2021-35936
was published
for
apache-airflow
(pip)
Aug 30, 2021
Missing Release of Resource after Effective Lifetime in Apache Tomcat
High
CVE-2021-42340
was published
for
org.apache.tomcat:tomcat
(Maven)
Oct 15, 2021
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35490
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Improper Initialization in Pillow
Moderate
CVE-2022-22815
was published
for
Pillow
(pip)
Jan 12, 2022
Infinite Loop in Apache Tomcat
High
CVE-2020-13935
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 8, 2022
Cross-site scripting (XSS) in Apache ActiveMQ
Moderate
CVE-2020-13947
was published
for
org.apache.activemq:activemq-parent
(Maven)
Feb 9, 2022
Remote code execution in Apache ActiveMQ
Critical
CVE-2020-11998
was published
for
org.apache.activemq:activemq-parent
(Maven)
Feb 9, 2022
Improper Authentication in Apache ActiveMQ
Moderate
CVE-2020-13920
was published
for
org.apache.activemq:activemq-parent
(Maven)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API