GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,950
Erlang: 39
GitHub Actions: 38
Go: 2,603
Maven: 5,000+
npm: 4,250
NuGet: 755
pip: 4,013
Pub: 12
RubyGems: 953
Rust: 1,048
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

1,649 advisories

`CHECK` failure in depthwise ops via overflows
Moderate | GHSA-mw6j-hh29-h379 was published for tensorflow (pip) May 25, 2022

dompurify vulnerable to Cross-site Scripting
Moderate | GHSA-pgjv-jrg2-gq3v was published for dompurify (pip) Jan 11, 2023

dompurify vulnerable to Cross-site Scripting
Moderate | GHSA-h6p3-p4vx-wr8q was published for dompurify (pip) Jan 11, 2023

Formula Injection in Exported Data
Moderate | GHSA-7rq4-qcpw-74gq was published for inventree (pip) Jun 17, 2022

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares
Moderate | GHSA-c58j-88f5-h53f was published for pycares (pip) Jul 5, 2022

Twisted vulnerable to HTTP Request Smuggling Attacks
Moderate | GHSA-8r99-h8j2-rw64 was published for twisted (pip) Oct 7, 2022

Improper Input Validation in pyload-ng
Moderate | CVE-2023-0434 was published for pyload-ng (pip) Jan 22, 2023

Apache Superset is vulnerable to Cross-Site Scripting (XSS)
Moderate | CVE-2022-43718 was published for apache-superset (pip) Jan 16, 2023

Apache Superset vulnerable to Cross-site Scripting
Moderate | CVE-2022-43717 was published for apache-superset (pip) Jan 16, 2023

Apache Superset's SQL Alchemy connector vulnerable to SQL Injection
Moderate | CVE-2022-41703 was published for apache-superset (pip) Jan 16, 2023

Apache Superset vulnerable to Injection
Moderate | CVE-2022-43720 was published for apache-superset (pip) Jan 16, 2023

Apache Superset has Improper Access Control
Moderate | CVE-2022-45438 was published for apache-superset (pip) Jan 16, 2023

Apache Superset Open Redirect vulnerability
Moderate | CVE-2022-43721 was published for apache-superset (pip) Jan 16, 2023

SQL Injection in FreeTAKServer-UI
Moderate | CVE-2022-25506 was published for FreeTAKServer-UI (pip) Mar 12, 2022

Path traversal in FreeTAKServer-UI
Moderate | CVE-2022-25511 was published for FreeTAKServer-UI (pip) Mar 12, 2022

Cross-site Scripting in FreeTAKServer-UI
Moderate | CVE-2022-25507 was published for FreeTAKServer-UI (pip) Mar 12, 2022

XML External Entities Vulnerability in CVRF-CSAF-Converter
Moderate | CVE-2022-27193 was published for cvrf2csaf (pip) Mar 16, 2022

Insertion of Sensitive Information into Log File in ansible
Moderate | CVE-2021-20180 was published for ansible (pip) Mar 17, 2022

Open Redirect in Flask-AppBuilder
Moderate | CVE-2022-24776 was published for Flask-AppBuilder (pip) Mar 25, 2022

Missing validation causes `TensorSummaryV2` to crash
Moderate | CVE-2022-29193 was published for tensorflow (pip) May 24, 2022

Regular expression denial of service in url_regex
Moderate | CVE-2022-21195 was published for url_regex (pip) May 21, 2022

Missing validation causes denial of service via `StagePeek`
Moderate | CVE-2022-29195 was published for tensorflow (pip) May 24, 2022

Missing validation causes denial of service via `LoadAndRemapMatrix`
Moderate | CVE-2022-29199 was published for tensorflow (pip) May 24, 2022

Undefined behavior when users supply invalid resource handles
Moderate | CVE-2022-29207 was published for tensorflow (pip) May 24, 2022

Missing validation results in undefined behavior in `SparseTensorDenseAdd`
Moderate | CVE-2022-29206 was published for tensorflow (pip) May 24, 2022

ProTip! Advisories are also available from the GraphQL API.