GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
406 advisories
Filter by severity
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow
Critical
GHSA-h6gw-r52c-724r
was published
for
tensorflow
(pip)
Feb 9, 2022
PaddlePaddle vulnerable to code injection via winstr
Critical
CVE-2022-45908
was published
for
paddlepaddle
(pip)
Nov 26, 2022
Remote unauthenticated attackers able to upload files in Onionshare
Critical
CVE-2021-41868
was published
for
onionshare-cli
(pip)
Nov 19, 2021
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
Critical
CVE-2022-31558
was published
for
shiva
(pip)
Jul 12, 2022
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
Critical
CVE-2022-31573
was published
for
chainerrl-visualizer
(pip)
Jul 12, 2022
WMAgent arbitrary code execution via a crafted dbs-client package
Critical
CVE-2022-34558
was published
for
global-workqueue
(pip)
Jul 29, 2022
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10
Critical
CVE-2019-10844
was published
for
nnabla
(pip)
May 13, 2022
Apache Airflow Hive Provider vulnerable to Command Injection
Critical
CVE-2022-46421
was published
for
apache-airflow-providers-apache-hive
(pip)
Dec 20, 2022
Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Critical
CVE-2020-12889
was published
for
MISP-maltego
(pip)
May 24, 2022
Origin Validation Error in rdiffweb
Critical
CVE-2022-3457
was published
for
rdiffweb
(pip)
Oct 14, 2022
rdiffweb vulnerable to account access via session fixation
Critical
CVE-2022-3269
was published
for
rdiffweb
(pip)
Sep 25, 2022
rdiffweb vulnerable to Insufficient Session Expiration
Critical
CVE-2022-3362
was published
for
rdiffweb
(pip)
Nov 15, 2022
exotel-py 0.1.6 includes code execution backdoor inserted by a third party
Critical
CVE-2022-38792
was published
for
exotel
(pip)
Aug 28, 2022
Rdiffweb is missing authentication for critical function
Critical
CVE-2022-3327
was published
for
rdiffweb
(pip)
Oct 20, 2022
PyTorch vulnerable to arbitrary code execution
Critical
CVE-2022-45907
was published
for
torch
(pip)
Nov 26, 2022
Improper Privilege Management in rdiffweb
Critical
CVE-2022-4314
was published
for
rdiffweb
(pip)
Dec 12, 2022
Rdiffweb subject to Business Logic Errors
Critical
CVE-2022-3363
was published
for
rdiffweb
(pip)
Oct 27, 2022
Integer truncation in Shard API usage
Critical
CVE-2020-15202
was published
for
tensorflow
(pip)
Sep 25, 2020
Denial of Service in Tensorflow
Critical
CVE-2020-15206
was published
for
tensorflow
(pip)
Sep 25, 2020
Incomplete validation in boosted trees code
Critical
CVE-2021-41208
was published
for
tensorflow
(pip)
Nov 10, 2021
ProTip!
Advisories are also available from the
GraphQL API