GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
159 advisories
Filter by severity
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
High
CVE-2022-31052
was published
for
matrix-synapse
(pip)
Jun 29, 2022
XSS Vulnerability in Markdown Editor
High
GHSA-85q9-7467-r53q
was published
for
inventree
(pip)
Jun 17, 2022
Insufficient HTML Sanitization
High
GHSA-rm89-9g65-4ffr
was published
for
inventree
(pip)
Jun 17, 2022
Jupyter server Token bruteforcing
High
CVE-2022-29241
was published
for
jupyter-server
(pip)
Jun 16, 2022
Code injection in `saved_model_cli` in TensorFlow
High
CVE-2022-29216
was published
for
tensorflow
(pip)
May 24, 2022
Apache Superset SQL Injection when template processing is enabled
High
CVE-2021-41971
was published
for
apache-superset
(pip)
May 24, 2022
OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
High
CVE-2020-12691
was published
for
keystone
(pip)
May 24, 2022
OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context
High
CVE-2020-12689
was published
for
keystone
(pip)
May 24, 2022
Openstack ironic-inspector has SQL injection vulnerability in node_cache
High
CVE-2019-10141
was published
for
ironic-inspector
(pip)
May 24, 2022
django-anymail Includes Sensitive Information in Log Files
High
CVE-2018-1000089
was published
for
django-anymail
(pip)
May 14, 2022
OISF suricata-update unsafely deserializes YAML data
High
CVE-2018-1000167
was published
for
suricata-update
(pip)
May 14, 2022
Mercurial missing symlink check
High
CVE-2017-1000115
was published
for
mercurial
(pip)
May 14, 2022
Yelp OSXCollector Improper Certificate Validation
High
CVE-2018-10406
was published
for
osxcollector
(pip)
May 13, 2022
CherryPy Malicious cookies allow access to files outside the session directory
High
CVE-2008-0252
was published
for
cherrypy
(pip)
May 1, 2022
Twisted SSH client and server deny of service during SSH handshake.
High
CVE-2022-21716
was published
for
twisted
(pip)
Mar 3, 2022
Use after free in `DecodePng` kernel
High
CVE-2022-23584
was published
for
tensorflow
(pip)
Feb 9, 2022
Out of bounds write in Tensorflow
High
CVE-2022-23566
was published
for
tensorflow
(pip)
Feb 9, 2022
Improper Validation of Integrity Check Value in TensorFlow
High
GHSA-43q8-3fv7-pr5x
was published
for
tensorflow
(pip)
Feb 9, 2022
Unrestricted Upload of File with Dangerous Type in motionEye
High
CVE-2021-44255
was published
for
motioneye
(pip)
Feb 1, 2022
ProTip!
Advisories are also available from the
GraphQL API