GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,429 advisories

Multiple cross-site scripting (XSS) vulnerabilities in Roundup Moderate
CVE-2012-6133 was published for roundup (pip) Apr 23, 2022
westonsteimel
Integer overflow in `SpaceToBatchND` Moderate
CVE-2022-29203 was published for tensorflow (pip) May 24, 2022
Missing validation causes denial of service via `Conv3DBackpropFilterV2` Moderate
CVE-2022-29204 was published for tensorflow (pip) May 24, 2022
Missing validation results in undefined behavior in `QuantizedConv2D` Moderate
CVE-2022-29201 was published for tensorflow (pip) May 24, 2022
Improper Access Control in MySQL Connector Python High
CVE-2019-2435 was published for mysql-connector-python (pip) May 13, 2022
Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix` Moderate
CVE-2022-29198 was published for tensorflow (pip) May 24, 2022
Missing validation causes denial of service via `GetSessionTensor` Moderate
CVE-2022-29191 was published for tensorflow (pip) May 24, 2022
Missing validation causes denial of service via `DeleteSessionTensor` Moderate
CVE-2022-29194 was published for tensorflow (pip) May 24, 2022
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging High
CVE-2022-24770 was published for gradio (pip) Mar 18, 2022
haby0
Remote unauthenticated attackers able to upload files in Onionshare Critical
CVE-2021-41868 was published for onionshare-cli (pip) Nov 19, 2021
Buffer Copy without Checking Size of Input in NumPy Moderate
CVE-2021-41496 was published for numpy (pip) Feb 8, 2022
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS) High
CVE-2022-37189 was published for mei2volpiano (pip) Sep 8, 2022
Inconsistent Interpretation of HTTP Requests in Waitress High
CVE-2019-16792 was published for waitress (pip) May 24, 2022
simplejson before 2.6.1 vulnerable to array index error Moderate
CVE-2014-4616 was published for simplejson (pip) May 14, 2022
westonsteimel
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates Moderate
CVE-2021-4180 was published for tripleo-heat-templates (pip) Mar 24, 2022
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator Moderate
CVE-2022-31027 was published for oauthenticator (pip) Jun 6, 2022
GeorgianaElena yuvipanda
Access control issue in AlekSIS-Core Moderate
CVE-2022-29773 was published for aleksis-core (pip) Jun 4, 2022
pyLoad vulnerable to Improper Restriction of Rendered UI Layers or Frames Moderate
CVE-2023-0057 was published for pyload-ng (pip) Jan 5, 2023
Unrestricted Attachment Upload High
CVE-2022-2111 was published for inventree (pip) Jun 17, 2022
saharshtapi
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Moderate
CVE-2023-0055 was published for pyload-ng (pip) Jan 5, 2023
Token bruteforcing. Moderate
CVE-2022-29238 was published for notebook (pip) Jun 16, 2022
rashley-iqt
CSV Injection in inventree High
CVE-2022-2112 was published for inventree (pip) Jun 18, 2022
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely Critical
CVE-2022-31558 was published for shiva (pip) Jul 12, 2022
Incorrect handling of invalid surrogate pair characters High
CVE-2022-31116 was published for ujson (pip) Jul 5, 2022
JustAnotherArchivist the-bumble
Withdrawn: Denial of Service in aiohttp Moderate
CVE-2022-33124 was published for aiohttp (pip) Jun 24, 2022 withdrawn
webknjaz