GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,522 advisories

Improper Access Control in MySQL Connector Python High
CVE-2019-2435 was published for mysql-connector-python (pip) May 13, 2022
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging High
CVE-2022-24770 was published for gradio (pip) Mar 18, 2022
Credited to haby0
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS) High
CVE-2022-37189 was published for mei2volpiano (pip) Sep 8, 2022
Inconsistent Interpretation of HTTP Requests in Waitress High
CVE-2019-16792 was published for waitress (pip) May 24, 2022
Unrestricted Attachment Upload High
CVE-2022-2111 was published for inventree (pip) Jun 17, 2022
Credited to saharshtapi
CSV Injection in inventree High
CVE-2022-2112 was published for inventree (pip) Jun 18, 2022
Incorrect handling of invalid surrogate pair characters High
CVE-2022-31116 was published for ujson (pip) Jul 5, 2022
Credited to JustAnotherArchivist and the-bumble
Numpy missing input validation High
CVE-2017-12852 was published for numpy (pip) May 13, 2022
Credited to jhutchings1
Dynamic modification of RPyC service due to missing security check High
CVE-2019-16328 was published for rpyc (pip) Feb 17, 2021
Credited to comrumino
TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite High
CVE-2022-35937 was published for tensorflow (pip) Sep 16, 2022
TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite High
CVE-2022-35939 was published for tensorflow (pip) Sep 16, 2022
Credited to hsnbozkurt
rdiffweb vulnerable to potential DoS via memory consumption High
CVE-2022-3298 was published for rdiffweb (pip) Sep 27, 2022
NumPy NULL Pointer Dereference High
CVE-2021-41495 was published for numpy (pip) Feb 8, 2022
Out-of-bounds read in admesh High
CVE-2018-25033 was published for admesh (pip) May 9, 2022
LIEF vulnerable to heap based buffer overflow via print_binary function High
CVE-2022-38495 was published for lief (pip) Sep 14, 2022
Segfault and OOB write due to incomplete validation in `EditDistance` in TensorFlow High
CVE-2022-29208 was published for tensorflow (pip) May 24, 2022
Code injection in `saved_model_cli` in TensorFlow High
CVE-2022-29216 was published for tensorflow (pip) May 24, 2022
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs High
CVE-2022-35920 was published for sanic (pip) Aug 6, 2022
Rejected CVE ID High
CVE-2018-7574 was published for tensorflow (pip) Apr 30, 2019 withdrawn
Hyperledger indy-node vulnerable to denial of service High
CVE-2022-31006 was published for indy-node (pip) Sep 16, 2022
Credited to cre8
Server-Side Request Forgery in scout-browser High
CVE-2022-1592 was published for scout-browser (pip) May 6, 2022
FractionalMaxPool and FractionalAVGPool heap out-of-bounds access High
CVE-2022-41900 was published for tensorflow (pip) Nov 21, 2022
Out-of-bounds Write in OpenCV High
CVE-2019-5063 was published for opencv-contrib-python (pip) Oct 12, 2021
NULL Pointer Dereference in OpenCV. High
CVE-2019-14493 was published for opencv-contrib-python (pip) Oct 12, 2021