GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,511 advisories

Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
sviehb/jefferson vulnerable to path traversal High
CVE-2022-4885 was published for jefferson (pip) Jan 11, 2023
rdiffweb has no rate limit on resend email feature High
CVE-2022-4723 was published for rdiffweb (pip) Dec 27, 2022
rdiffweb vulnerable to Authentication Bypass by Primary Weakness High
CVE-2022-4722 was published for rdiffweb (pip) Dec 27, 2022
rdiffweb vulnerable to Open Redirect High
CVE-2022-4720 was published for rdiffweb (pip) Dec 27, 2022
SentinelOne impersonated via PyPI packages High
GHSA-g86j-hwg9-77q5 was published for SentinelOne (pip) Dec 27, 2022
cocagne pysrp vulnerable to side channel leaks High
CVE-2021-4286 was published for srp (pip) Dec 27, 2022
Slixmpp lacks SSL Certificate hostname validation in XMLStream High
CVE-2022-45197 was published for slixmpp (pip) Dec 25, 2022
pypa/wheel vulnerable to Regular Expression denial of service (ReDoS) High
CVE-2022-40898 was published for wheel (pip) Dec 23, 2022
Python Charmers Future denial of service vulnerability High
CVE-2022-40899 was published for future (pip) Dec 23, 2022
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-40897 was published for setuptools (pip) Dec 23, 2022
rdiffweb vulnerable to Cross-Site Request Forgery High
CVE-2022-4646 was published for rdiffweb (pip) Dec 22, 2022
OpenStack Kolla sudo privilege escalation vulnerability High
CVE-2022-38060 was published for kolla (pip) Dec 21, 2022
Patchelf out-of-bounds read High
CVE-2022-44940 was published for patchelf (pip) Dec 20, 2022
pgadmin4 vulnerable to Code Injection High
CVE-2022-4223 was published for pgadmin4 (pip) Dec 13, 2022
Passeo uses insecure random number generator High
CVE-2022-23472 was published for Passeo (pip) Dec 6, 2022
XBlock vulnerable to Cross-Site Scripting (XSS) High
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022
OS Command Injection in Apache Airflow High
CVE-2022-41131 was published for apache-airflow-providers-apache-hive (pip) Nov 22, 2022
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
Out of bounds write in grappler in Tensorflow High
CVE-2022-41902 was published for tensorflow (pip) Nov 21, 2022
FractionalMaxPool and FractionalAVGPool heap out-of-bounds access High
CVE-2022-41900 was published for tensorflow (pip) Nov 21, 2022
Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite High
CVE-2022-41894 was published for tensorflow (pip) Nov 21, 2022
LIEF heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind High
CVE-2022-43171 was published for lief (pip) Nov 18, 2022
Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled High
CVE-2022-41905 was published for wsgidav (pip) Nov 16, 2022
rdiffweb vulnerable to Insufficient Session Expiration High
CVE-2022-3362 was published for rdiffweb (pip) Nov 15, 2022