Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

3,446 advisories

Loading
Apache Superset Open Redirect vulnerability Moderate
CVE-2022-43721 was published for apache-superset (pip) Jan 16, 2023
Apache Superset has Improper Access Control Moderate
CVE-2022-45438 was published for apache-superset (pip) Jan 16, 2023
Improper Certificate Validation in pyload-ng High
CVE-2023-0509 was published for pyload-ng (pip) Jan 27, 2023
Cross Site Request Forgery in mailman High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
Path traversal in FreeTAKServer-UI Moderate
CVE-2022-25511 was published for FreeTAKServer-UI (pip) Mar 12, 2022
SQL Injection in FreeTAKServer-UI Moderate
CVE-2022-25506 was published for FreeTAKServer-UI (pip) Mar 12, 2022
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI High
CVE-2022-25512 was published for FreeTAKServer-UI (pip) Mar 12, 2022
Cross-site Scripting in FreeTAKServer-UI Moderate
CVE-2022-25507 was published for FreeTAKServer-UI (pip) Mar 12, 2022
XML External Entities Vulnerability in CVRF-CSAF-Converter Moderate
CVE-2022-27193 was published for cvrf2csaf (pip) Mar 16, 2022
Insertion of Sensitive Information into Log File in ansible Moderate
CVE-2021-20180 was published for ansible (pip) Mar 17, 2022
KamilaBorowska
Allocation of Resources Without Limits or Throttling in nvflare High
CVE-2022-21822 was published for nvflare (pip) Mar 18, 2022
Nintorac
Insertion of Sensitive Information into Log File in Jupyter notebook High
CVE-2022-24757 was published for jupyter-server (pip) Mar 25, 2022
3coins
Open Redirect in Flask-AppBuilder Moderate
CVE-2022-24776 was published for Flask-AppBuilder (pip) Mar 25, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs High
CVE-2022-24758 was published for notebook (pip) Apr 5, 2022
3coins
Missing validation causes `TensorSummaryV2` to crash Moderate
CVE-2022-29193 was published for tensorflow (pip) May 24, 2022
Regular expression denial of service in url_regex Moderate
CVE-2022-21195 was published for url_regex (pip) May 21, 2022
Missing validation causes denial of service via `StagePeek` Moderate
CVE-2022-29195 was published for tensorflow (pip) May 24, 2022
Missing validation causes denial of service via `LoadAndRemapMatrix` Moderate
CVE-2022-29199 was published for tensorflow (pip) May 24, 2022
Undefined behavior when users supply invalid resource handles Moderate
CVE-2022-29207 was published for tensorflow (pip) May 24, 2022
Missing validation results in undefined behavior in `SparseTensorDenseAdd Moderate
CVE-2022-29206 was published for tensorflow (pip) May 24, 2022
Integer bounds error in Vyper High
CVE-2022-24845 was published for vyper (pip) Apr 22, 2022
Segfault due to missing support for quantized types Moderate
CVE-2022-29205 was published for tensorflow (pip) May 24, 2022
Missing validation crashes `QuantizeAndDequantizeV4Grad` Moderate
CVE-2022-29192 was published for tensorflow (pip) May 24, 2022
PaddlePaddle vulnerable to code injection via winstr Critical
CVE-2022-45908 was published for paddlepaddle (pip) Nov 26, 2022
Missing validation causes denial of service via `UnsortedSegmentJoin` Moderate
CVE-2022-29197 was published for tensorflow (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database