GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
58 advisories
Filter by severity
Arbitrary code using "crafted image file" approach affecting Pillow
High
CVE-2016-9190
was published
for
Pillow
(pip)
Jul 12, 2018
Uncontrolled Resource Consumption in pillow
Moderate
GHSA-jgpv-4h4c-xhw3
was published
for
pillow
(pip)
Apr 23, 2021
Uncontrolled Resource Consumption in Pillow
High
CVE-2019-19911
was published
for
Pillow
(pip)
Apr 1, 2020
Pillow denial of service via Crafted Block Size
Moderate
CVE-2014-3589
was published
for
pillow
(pip)
May 14, 2022
Pillow denial of service via PNG bomb
Moderate
CVE-2014-9601
was published
for
pillow
(pip)
May 14, 2022
PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles
Moderate
CVE-2014-1932
was published
for
pillow
(pip)
May 17, 2022
Pillow subject to DoS via SAMPLESPERPIXEL tag
High
CVE-2022-45199
was published
for
pillow
(pip)
Nov 14, 2022
Insufficient Verification of Data Authenticity in Pillow
Moderate
CVE-2021-28678
was published
for
Pillow
(pip)
Jun 8, 2021
Buffer Copy without Checking Size of Input in Pillow
Critical
CVE-2020-5311
was published
for
pillow
(pip)
May 24, 2022
Pillow Buffer overflow in ImagingLibTiffDecode
Moderate
CVE-2016-0740
was published
for
Pillow
(pip)
Jul 24, 2018
Pillow Buffer overflow in ImagingFliDecode
Moderate
CVE-2016-0775
was published
for
Pillow
(pip)
Jul 24, 2018
ProTip!
Advisories are also available from the
GraphQL API