GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (all reviewed: 5,000+): Composer 2,818; Erlang 23; GitHub Actions 38; Go 2,203; Maven 2,576; npm 2,819; NuGet 487; pip 2,656; Pub 5; RubyGems 328; Rust 877; Swift 19
Unreviewed advisories (all unreviewed: 5,000+)
149,730 advisories
JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
Moderate. CVE-2021-32797 was published for jupyterlab (pip), Aug 23, 2021
Special Element Injection in notebook
High. CVE-2021-32798 was published for notebook (pip), Aug 23, 2021
Widget feature vulnerability allowing to execute JavaScript code using undo functionality
High. CVE-2021-32808 was published for ckeditor4 (npm), Aug 23, 2021
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
Moderate. CVE-2021-32809 was published for ckeditor4 (npm), Aug 23, 2021
PHP file inclusion via insert tags
Moderate. CVE-2021-37626 was published for contao/contao (Composer), Aug 23, 2021
Privilege escalation via form generator
High. CVE-2021-37627 was published for contao/contao (Composer), Aug 23, 2021
Argo Server TLS requests could be forged by attacker with network access
Moderate. GHSA-6c73-2v8x-qpvm was published for github.com/argoproj/argo-workflows/v3 (Go), Aug 23, 2021
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Server is run with `--auth-mode=client`
Low. GHSA-prqf-xr2j-xf65 was published for github.com/argoproj/argo-workflows/v3 (Go), Aug 23, 2021
parse-server new anonymous user session acts as if it's created with password
Moderate. CVE-2021-39138 was published for parse-server (npm), Aug 23, 2021
CKEditor 4 vulnerabilities in versions <4.16.1
Moderate. GHSA-cfcv-q4qq-2ph4 was published for pimcore/pimcore (Composer), Aug 23, 2021
Fake objects feature vulnerability allowing to execute JavaScript code using malformed HTML.
High. CVE-2021-37695 was published for ckeditor4 (npm), Aug 23, 2021
Improper Handling of Unexpected Data Type in ced
High. CVE-2021-39131 was published for ced (npm), Aug 23, 2021
Uncaught Exception in jsoup
High. CVE-2021-37714 was published for org.jsoup:jsoup (Maven), Aug 23, 2021
Authenticated server-side request forgery in file upload via URL.
High. CVE-2021-37711 was published for shopware/core (Composer), Aug 23, 2021
Cross-Site Scripting via SVG media files
High. CVE-2021-37710 was published for shopware/core (Composer), Aug 23, 2021
Segfault on strings tensors with mismatched dimensions, due to Go code
Moderate. CVE-2021-37692 was published for tensorflow (pip), Aug 25, 2021
Use after free and segfault in shape inference functions
Moderate. CVE-2021-37690 was published for tensorflow (pip), Aug 25, 2021
Null pointer dereference in TFLite MLIR optimizations
High. CVE-2021-37689 was published for tensorflow (pip), Aug 25, 2021
Null pointer dereference in TFLite
High. CVE-2021-37688 was published for tensorflow (pip), Aug 25, 2021
Heap OOB in TFLite's `Gather*` implementations
Moderate. CVE-2021-37687 was published for tensorflow (pip), Aug 25, 2021
FPE in TFLite pooling operations
Moderate. CVE-2021-37684 was published for tensorflow (pip), Aug 25, 2021
FPE in TFLite division operations
Moderate. CVE-2021-37683 was published for tensorflow (pip), Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API