GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
263 advisories
Filter by severity
Package discontinued because Bitly lowered the free quota
Low
GHSA-ggrh-grj3-vfvw
was published
for
bitlyshortener
(pip)
Nov 28, 2022
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
Low
GHSA-mr6r-mvw4-736g
was published
for
vyper
(pip)
Mar 25, 2020
`CHECK` failure in `SobolSample` via missing validation
Low
GHSA-cqvq-fvhr-v6hc
was published
for
tensorflow
(pip)
Nov 21, 2022
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode
Low
GHSA-xf83-q765-xm6m
was published
for
tensorflow
(pip)
Nov 21, 2022
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Low
CVE-2020-15239
was published
for
xmpp-http-upload
(pip)
Oct 6, 2020
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Low
GHSA-47qg-q58v-7vrp
was published
for
amundsen-frontend
(pip)
Dec 2, 2020
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-4ph2-8337-hm62
was published
for
dynamodb-encryption-sdk
(pip)
Feb 8, 2021
datasette-graphql leaks details of the schema of private database files
Low
GHSA-74hv-qjjq-h7g5
was published
for
datasette-graphql
(pip)
Nov 24, 2020
Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration
Low
GHSA-f366-4rvv-95x2
was published
for
cryptoauthlib
(pip)
Oct 2, 2020
VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption
Low
GHSA-375m-5fvv-xq23
was published
for
vyper
(pip)
Apr 19, 2021
CLI does not correctly implement strict mode
Low
GHSA-2xwp-m7mq-7q3r
was published
for
aws-encryption-sdk-cli
(pip)
Oct 28, 2020
Open Redirect in Flask-Security-Too
Low
GHSA-gxjj-f44v-qm94
was published
for
Flask-Security-Too
(pip)
Dec 14, 2021
•
withdrawn
CSRF Vuln can expose user's QRcode
Low
GHSA-fxq4-r6mr-9x64
was published
for
Flask-Security-Too
(pip)
Apr 8, 2021
Python-TUF vulnerable to incorrect threshold signature computation for new root metadata
Low
GHSA-r7vq-6425-j94w
was published
for
tuf
(pip)
Sep 15, 2022
Arbitrary file deletion in NeMo ASR webapp
Low
GHSA-rpx7-33j2-xx9x
was published
for
nemo_toolkit
(pip)
Feb 15, 2022
personnummer/python vulnerable to Improper Input Validation
Low
GHSA-rxq3-5249-8hgg
was published
for
personnummer
(pip)
Sep 9, 2020
TensorFlow vulnerable to integer overflow in math ops
Low
CVE-2022-36015
was published
for
tensorflow
(pip)
Sep 16, 2022
TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`
Low
CVE-2022-36016
was published
for
tensorflow
(pip)
Sep 16, 2022
Heap buffer overflow in `BandedTriangularSolve`
Low
CVE-2021-29612
was published
for
tensorflow
(pip)
May 21, 2021
Invalid validation in `QuantizeAndDequantizeV2`
Low
CVE-2021-29610
was published
for
tensorflow
(pip)
May 21, 2021
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
Low
CVE-2022-31177
was published
for
Flask-AppBuilder
(pip)
Jul 29, 2022
Segfault in `tf.raw_ops.SparseCountSparseOutput`
Low
CVE-2021-29619
was published
for
tensorflow
(pip)
May 21, 2021
ProTip!
Advisories are also available from the
GraphQL API