Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,603
Maven
5,000+
npm
4,250
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,649 advisories

Loading
Regular expression denial of service in eth-account Moderate
CVE-2022-1930 was published for eth-account (pip) Aug 23, 2022
Open Redirect in Apache Superset Moderate
CVE-2021-28125 was published for apache-superset (pip) Oct 6, 2021
westonsteimel
Credited to westonsteimel
Incorrect Comparison in NumPy Moderate
CVE-2021-34141 was published for numpy (pip) Dec 18, 2021
Open redirect in web2py Moderate
CVE-2022-33146 was published for web2py (pip) Jun 28, 2022
Potential double free of buffer during string decoding Moderate
CVE-2022-31117 was published for ujson (pip) Jul 5, 2022
JustAnotherArchivist
Credited to JustAnotherArchivist
Withdrawn: Denial of Service in aiohttp Moderate
CVE-2022-33124 was published for aiohttp (pip) Jun 24, 2022 withdrawn
webknjaz
Credited to webknjaz
Token bruteforcing. Moderate
CVE-2022-29238 was published for notebook (pip) Jun 16, 2022
rashley-iqt
Credited to rashley-iqt
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Moderate
CVE-2023-0055 was published for pyload-ng (pip) Jan 5, 2023
pyLoad vulnerable to Improper Restriction of Rendered UI Layers or Frames Moderate
CVE-2023-0057 was published for pyload-ng (pip) Jan 5, 2023
Access control issue in AlekSIS-Core Moderate
CVE-2022-29773 was published for aleksis-core (pip) Jun 4, 2022
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator Moderate
CVE-2022-31027 was published for oauthenticator (pip) Jun 6, 2022
GeorgianaElena yuvipanda
Credited to GeorgianaElena and yuvipanda
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates Moderate
CVE-2021-4180 was published for tripleo-heat-templates (pip) Mar 24, 2022
simplejson before 2.6.1 vulnerable to array index error Moderate
CVE-2014-4616 was published for simplejson (pip) May 14, 2022
westonsteimel
Credited to westonsteimel
Buffer Copy without Checking Size of Input in NumPy Moderate
CVE-2021-41496 was published for numpy (pip) Feb 8, 2022
Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix` Moderate
CVE-2022-29198 was published for tensorflow (pip) May 24, 2022
Missing validation causes denial of service via `GetSessionTensor` Moderate
CVE-2022-29191 was published for tensorflow (pip) May 24, 2022
Missing validation causes denial of service via `DeleteSessionTensor` Moderate
CVE-2022-29194 was published for tensorflow (pip) May 24, 2022
Missing validation causes denial of service via `Conv3DBackpropFilterV2` Moderate
CVE-2022-29204 was published for tensorflow (pip) May 24, 2022
Integer overflow in `SpaceToBatchND` Moderate
CVE-2022-29203 was published for tensorflow (pip) May 24, 2022
Missing validation results in undefined behavior in `QuantizedConv2D` Moderate
CVE-2022-29201 was published for tensorflow (pip) May 24, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Roundup Moderate
CVE-2012-6133 was published for roundup (pip) Apr 23, 2022
westonsteimel
Credited to westonsteimel
Missing validation causes denial of service via `UnsortedSegmentJoin` Moderate
CVE-2022-29197 was published for tensorflow (pip) May 24, 2022
Missing validation crashes `QuantizeAndDequantizeV4Grad` Moderate
CVE-2022-29192 was published for tensorflow (pip) May 24, 2022
Segfault due to missing support for quantized types Moderate
CVE-2022-29205 was published for tensorflow (pip) May 24, 2022
Missing validation causes denial of service via `LoadAndRemapMatrix` Moderate
CVE-2022-29199 was published for tensorflow (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database