GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,319 advisories

TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch High
CVE-2023-25659 was published for tensorflow (pip) Mar 24, 2023
dengyinlin
TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad High
CVE-2023-25658 was published for tensorflow (pip) Mar 24, 2023
TensorFlow has null dereference on ParallelConcat with XLA High
CVE-2023-25676 was published for tensorflow (pip) Mar 24, 2023
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True` High
CVE-2023-28117 was published for sentry-sdk (pip) Mar 21, 2023
Apache Airflow Google Provider Improper Input Validation vulnerability High
CVE-2023-25692 was published for apache-airflow-providers-google (pip) Feb 24, 2023
Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information High
CVE-2023-25956 was published for apache-airflow-providers-amazon (pip) Feb 24, 2023
Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption High
CVE-2022-24294 was published for mxnet (pip) Jul 25, 2022
raboof
No protection against brute-force attacks on login page High
CVE-2023-25156 was published for kiwitcms (pip) Feb 15, 2023
Improper Restriction of Excessive Authentication Attempts in modoboa High
CVE-2023-0860 was published for modoboa (pip) Feb 16, 2023
Denial of service vulnerability on Password reset page High
CVE-2023-25171 was published for kiwitcms (pip) Feb 15, 2023
mosaa404
Vulnerable OpenSSL included in sgx-dcap-quote-verify-python High
GHSA-344m-qcjq-xgrf was published for sgx-dcap-quote-verify-python (pip) Feb 14, 2023
clauverjat
OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption High
CVE-2015-5162 was published for cinder (pip) May 14, 2022
OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service High
CVE-2016-0738 was published for swift (pip) May 17, 2022
Cobbler is vulnerable to code injection High
CVE-2010-2235 was published for cobbler (pip) May 17, 2022
Cobbler subject to Command Injection High
CVE-2012-2395 was published for cobbler (pip) May 17, 2022
OpenStack Keystone Improper Authentication vulnerability High
CVE-2012-4456 was published for keystone (pip) May 14, 2022
OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service High
CVE-2016-0737 was published for swift (pip) May 17, 2022
Barbican authorization flaw before v14.0.0 High
CVE-2022-23451 was published for barbican (pip) Sep 7, 2022
XML Entity Expansion in trytond and proteus High
CVE-2022-26662 was published for proteus (pip) Mar 11, 2022
Command injection in Weblate High
CVE-2022-24727 was published for Weblate (pip) Mar 5, 2022
Unrestricted Upload of File with Dangerous Type in motionEye High
CVE-2021-44255 was published for motioneye (pip) Feb 1, 2022
Out of bounds read in Tensorflow High
CVE-2022-23594 was published for tensorflow (pip) Feb 9, 2022
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4164 was published for calibreweb (pip) Jan 21, 2022
Poetry vulnerable to Untrusted Search Path leading to Local Code Execution on Windows High
CVE-2022-36070 was published for poetry (pip) Oct 11, 2022
paul-gerste-sonarsource
Pallets Werkzeug vulnerable to Path Traversal High
CVE-2019-14322 was published for werkzeug (pip) May 24, 2022