Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23 advisories

Loading
Integer truncation in Shard API usage High
CVE-2020-15202 was published for tensorflow (pip) Sep 25, 2020
Ory fosite contains Improper Handling of Exceptional Conditions High
CVE-2020-15223 was published for github.com/ory/fosite (Go) May 24, 2021
jclebreton
Incorrect handling of H2 GOAWAY + SETTINGS frames High
CVE-2021-39162 was published for github.com/pomerium/pomerium (Go) Sep 10, 2021
Uncaught Exception in mercurius High
CVE-2021-43801 was published for mercurius (npm) Dec 13, 2021
Uncaught Exception in engine.io High
CVE-2022-21676 was published for engine.io (npm) Jan 13, 2022
marwej
Crash when type cannot be specialized in Tensorflow High
CVE-2022-23572 was published for tensorflow (pip) Feb 9, 2022
Segfault in `simplifyBroadcast` in Tensorflow High
CVE-2022-23593 was published for tensorflow (pip) Feb 9, 2022
Assertion failure based denial of service in Tensorflow High
CVE-2022-21737 was published for tensorflow (pip) Feb 9, 2022
Type confusion leading to segfault in Tensorflow High
CVE-2022-21731 was published for tensorflow (pip) Feb 10, 2022
Improper Check for Unusual or Exceptional Conditions in Elasticsearch High
CVE-2022-23712 was published for org.elasticsearch:elasticsearch (Maven) Jun 7, 2022
Improper Handling of `callbackUrl` parameter in next-auth High
CVE-2022-31093 was published for next-auth (npm) Jun 21, 2022
stensrud
Improper handling of CSS at-rules in lettersanitizer High
CVE-2022-31103 was published for lettersanitizer (npm) Jun 23, 2022
fastify vulnerable to denial of service via malicious Content-Type High
CVE-2022-39288 was published for fastify (npm) Oct 11, 2022
B-i-t-K
Feathers socket handler allows abusing implicit toString High
CVE-2023-37899 was published for @feathersjs/socketio (npm) Jul 20, 2023
CodeanIO
json2xml Uncaught Exception vulnerability High
CVE-2022-25024 was published for json2xml (pip) Aug 23, 2023
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2023-45812 was published for apollo-router (Rust) Oct 19, 2023
garypen BrynCooke
BryanBarron jasonbarnett667 shorgi
XSS sidekiq-unique-jobs UI server vulnerability High
CVE-2024-25122 was published for sidekiq-unique-jobs (RubyGems) Feb 13, 2024
pboling Earlopain
HPACK decoder panics on invalid input High
GHSA-w7hm-hmxv-pvhf was published for hpack (Rust) Apr 5, 2024
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX High
CVE-2024-34360 was published for github.com/spacemeshos/api (Go) May 10, 2024
Tor Arti's STUB circuits incorrectly have a length of 2 High
CVE-2024-35312 was published for arti (Rust) May 18, 2024
Directus is soft-locked by providing a string value to random string util High
CVE-2024-36128 was published for directus (npm) Jun 4, 2024
Zehir
LNbits improperly handles potential network and payment failures when using Eclair backend High
CVE-2024-34694 was published for lnbits (pip) Jun 17, 2024
Semisol fishcakeday
Jenkins Remoting library arbitrary file read vulnerability High
CVE-2024-43044 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
ProTip! Advisories are also available from the GraphQL API