GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
159 advisories

Segmentation fault in TensorFlow when converting a Python string to `tf.float16`
High | CVE-2020-5215 was published for tensorflow (pip) | Jan 28, 2020

High severity vulnerability that affects indico
High | GHSA-67cx-rhhq-mfhq was published for indico (pip) | Oct 11, 2019

Improper Validation of Integrity Check Value in TensorFlow
High | GHSA-43q8-3fv7-pr5x was published for tensorflow (pip) | Feb 9, 2022

XSS Vulnerability in Markdown Editor
High | GHSA-85q9-7467-r53q was published for inventree (pip) | Jun 17, 2022

Insufficient HTML Sanitization
High | GHSA-rm89-9g65-4ffr was published for inventree (pip) | Jun 17, 2022

SentinelOne impersonated via PyPI packages
High | GHSA-g86j-hwg9-77q5 was published for SentinelOne (pip) | Dec 27, 2022

Code injection in `saved_model_cli` in TensorFlow
High | CVE-2022-29216 was published for tensorflow (pip) | May 24, 2022

Data corruption in tensorflow-lite
High | CVE-2020-15208 was published for tensorflow (pip) | Sep 25, 2020

Privilege Escalation in Channelmgnt plug-in for Sopel
High | CVE-2020-15251 was published for sopel_plugins.channelmgnt (pip) | Oct 13, 2020

Poetry vulnerable to Untrusted Search Path leading to Local Code Execution on Windows
High | CVE-2022-36070 was published for poetry (pip) | Oct 11, 2022

Unrestricted Upload of File with Dangerous Type in motionEye
High | CVE-2021-44255 was published for motioneye (pip) | Feb 1, 2022

Out of bounds write in Tensorflow
High | CVE-2022-23566 was published for tensorflow (pip) | Feb 9, 2022

Use after free in `DecodePng` kernel
High | CVE-2022-23584 was published for tensorflow (pip) | Feb 9, 2022

py vulnerable to Regular Expression Denial of Service
High | CVE-2020-29651 was published for py (pip) | Apr 20, 2021

Apache Spark UI can allow impersonation if ACLs enabled
High | CVE-2022-33891 was published for org.apache.spark:spark-parent_2.12 (Maven) | Jul 19, 2022

Twisted SSH client and server deny of service during SSH handshake.
High | CVE-2022-21716 was published for twisted (pip) | Mar 3, 2022

When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
High | CVE-2022-39254 was published for matrix-nio (pip) | Sep 30, 2022