GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
59 advisories
Filter by severity
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
Moderate
CVE-2024-24567
was published
for
vyper
(pip)
Jan 30, 2024
CHECK-fail in `QuantizeAndDequantizeV4Grad`
Low
CVE-2021-29544
was published
for
tensorflow
(pip)
May 21, 2021
Jenkins Remoting library arbitrary file read vulnerability
High
CVE-2024-43044
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
socket.io has an unhandled 'error' event
Moderate
CVE-2024-38355
was published
for
socket.io
(npm)
Jun 19, 2024
Insufficient validation when decoding a Socket.IO packet
Moderate
CVE-2023-32695
was published
for
socket.io-parser
(npm)
May 23, 2023
Crash when type cannot be specialized in Tensorflow
High
CVE-2022-23572
was published
for
tensorflow
(pip)
Feb 9, 2022
Assertion failure based denial of service in Tensorflow
High
CVE-2022-21737
was published
for
tensorflow
(pip)
Feb 9, 2022
Segfault in `simplifyBroadcast` in Tensorflow
High
CVE-2022-23593
was published
for
tensorflow
(pip)
Feb 9, 2022
Type confusion leading to segfault in Tensorflow
High
CVE-2022-21731
was published
for
tensorflow
(pip)
Feb 10, 2022
Incomplete validation in `SparseSparseMinimum`
Moderate
CVE-2021-29607
was published
for
tensorflow
(pip)
Mar 18, 2022
Moodle has insufficient capability checks
Low
CVE-2024-43435
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
loona-hpack Panic Vulnerability
Moderate
CVE-2024-51502
was published
for
loona-hpack
(Rust)
Nov 4, 2024
Tor Arti's STUB circuits incorrectly have a length of 2
High
CVE-2024-35312
was published
for
arti
(Rust)
May 18, 2024
CHECK-fail in tf.raw_ops.EncodePng
Low
CVE-2021-29531
was published
for
tensorflow
(pip)
May 21, 2021
Segmentation faultin TensorFlow when converting a Python string to `tf.float16`
Low
CVE-2020-5215
was published
for
tensorflow
(pip)
Jan 28, 2020
Integer truncation in Shard API usage
High
CVE-2020-15202
was published
for
tensorflow
(pip)
Sep 25, 2020
Potential buffer overflow in psd-tools
Critical
CVE-2020-10571
was published
for
psd-tools
(pip)
Mar 16, 2020
json2xml Uncaught Exception vulnerability
High
CVE-2022-25024
was published
for
json2xml
(pip)
Aug 23, 2023
Potential Captcha Validate Bypass in flask-session-captcha
Moderate
CVE-2022-24880
was published
for
flask-session-captcha
(pip)
Apr 26, 2022
Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
Moderate
CVE-2023-23931
was published
for
cryptography
(pip)
Feb 7, 2023
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
Moderate
CVE-2024-39832
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
XMP Toolkit's `XmpFile::close` can trigger undefined behavior
Low
GHSA-66fw-43h8-f8p3
was published
for
xmp_toolkit
(Rust)
Jul 26, 2024
LNbits improperly handles potential network and payment failures when using Eclair backend
High
CVE-2024-34694
was published
for
lnbits
(pip)
Jun 17, 2024
ProTip!
Advisories are also available from the
GraphQL API