Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,429 advisories

Loading
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow Critical
GHSA-h6gw-r52c-724r was published for tensorflow (pip) Feb 9, 2022
Integer Overflow or Wraparound in TensorFlow Moderate
GHSA-wcv5-vrvr-3rx2 was published for tensorflow (pip) Feb 9, 2022
Server crash if running Python 3.10 w/ Sanic 20.12 High
GHSA-7p79-6x2v-5h88 was published for sanic (pip) Feb 16, 2022
prryplatypus
Infinite loop in Pillow Low
GHSA-4fx9-vc88-q2xc was published for Pillow (pip) Mar 11, 2022
Incorrect Comparison in Vyper High
GHSA-7vrm-3jc8-5wwm was published for vyper (pip) Apr 4, 2022
Malware in ctx Critical
GHSA-4g82-3jcr-q52w was published for ctx (pip) May 25, 2022
SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc Moderate
GHSA-cf4q-4cqr-7g7w was published for xml2rfc (pip) Apr 22, 2022
`CHECK` failure in depthwise ops via overflows Moderate
GHSA-mw6j-hh29-h379 was published for tensorflow (pip) May 25, 2022
Embedded Malicious Code in ctx Critical
GHSA-67r3-h899-9w95 was published for ctx (pip) Jun 2, 2022
dompurify vulnerable to Cross-site Scripting Moderate
GHSA-pgjv-jrg2-gq3v was published for dompurify (pip) Jan 11, 2023
dompurify vulnerable to Cross-site Scripting Moderate
GHSA-h6p3-p4vx-wr8q was published for dompurify (pip) Jan 11, 2023
Cross Site Scripting vulnerability in django-jsonform's admin form. High
GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) Jun 10, 2022
XSS Vulnerability in Markdown Editor High
GHSA-85q9-7467-r53q was published for inventree (pip) Jun 17, 2022
Gaurav-G2
Insufficient HTML Sanitization High
GHSA-rm89-9g65-4ffr was published for inventree (pip) Jun 17, 2022
saharshtapi
Formula Injection in Exported Data Moderate
GHSA-7rq4-qcpw-74gq was published for inventree (pip) Jun 17, 2022
saharshtapi
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares Moderate
GHSA-c58j-88f5-h53f was published for pycares (pip) Jul 5, 2022
SentinelOne impersonated via PyPI packages High
GHSA-g86j-hwg9-77q5 was published for SentinelOne (pip) Dec 27, 2022
personnummer/python vulnerable to Improper Input Validation Low
GHSA-rxq3-5249-8hgg was published for personnummer (pip) Sep 9, 2020
Twisted vulnerable to HTTP Request Smuggling Attacks Moderate
GHSA-8r99-h8j2-rw64 was published for twisted (pip) Oct 7, 2022
Improper Input Validation in pyload-ng Moderate
CVE-2023-0434 was published for pyload-ng (pip) Jan 22, 2023
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
Apache Superset is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-43718 was published for apache-superset (pip) Jan 16, 2023
Apache Superset vulnerable to Cross-site Scripting Moderate
CVE-2022-43717 was published for apache-superset (pip) Jan 16, 2023
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection Moderate
CVE-2022-41703 was published for apache-superset (pip) Jan 16, 2023
Apache Superset vulnerable to Injection Moderate
CVE-2022-43720 was published for apache-superset (pip) Jan 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database