Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

19 advisories

Loading
Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals Moderate
CVE-2022-23636 was published for wasmtime (Rust) Feb 16, 2022
peterhuene
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow Critical
GHSA-h6gw-r52c-724r was published for tensorflow (pip) Feb 9, 2022
Incomplete validation in boosted trees code Critical
CVE-2021-41208 was published for tensorflow (pip) Nov 10, 2021
Unitialized access in `EinsumHelper::ParseEquation` High
CVE-2021-41201 was published for tensorflow (pip) Nov 10, 2021
Segfault while copying constant resource tensor Moderate
CVE-2021-41204 was published for tensorflow (pip) Nov 10, 2021
Reference binding to `nullptr` in `tf.ragged.cross` High
CVE-2021-41214 was published for tensorflow (pip) Nov 10, 2021
Undefined behavior via `nullptr` reference binding in sparse matrix multiplication High
CVE-2021-41219 was published for tensorflow (pip) Nov 10, 2021
Assumed memory layout of std::net::SocketAddr Moderate
GHSA-p5w9-856p-8q4g was published for socket2 (Rust) Aug 25, 2021 withdrawn
Access of Uninitialized Pointer in linked-hash-map Critical
CVE-2020-25573 was published for linked-hash-map (Rust) Aug 25, 2021
Reference binding to nullptr in `RaggedTensorToSparse` High
CVE-2021-37656 was published for tensorflow (pip) Aug 25, 2021
Reference binding to nullptr in `MatrixDiagV*` ops High
CVE-2021-37657 was published for tensorflow (pip) Aug 25, 2021
Reference binding to nullptr in `MatrixSetDiagV*` ops High
CVE-2021-37658 was published for tensorflow (pip) Aug 25, 2021
Reference binding to nullptr in boosted trees High
CVE-2021-37662 was published for tensorflow (pip) Aug 25, 2021
Reference binding to nullptr in `RaggedTensorToVariant` High
CVE-2021-37666 was published for tensorflow (pip) Aug 25, 2021
Reference binding to nullptr in unicode encoding High
CVE-2021-37667 was published for tensorflow (pip) Aug 25, 2021
Reference binding to nullptr in map operations High
CVE-2021-37671 was published for tensorflow (pip) Aug 25, 2021
Reference binding to nullptr in shape inference High
CVE-2021-37676 was published for tensorflow (pip) Aug 25, 2021
Reference binding to null in `ParameterizedTruncatedNormal` Low
CVE-2021-29568 was published for tensorflow (pip) May 21, 2021
Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer Critical
CVE-2020-17446 was published for asyncpg (pip) Apr 20, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database