GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,511 advisories
rdiffweb allows unlimited length of root directory name, which could result in DoS
High | CVE-2022-3295 was published for rdiffweb (pip) | Sep 27, 2022
rdiffweb's unlimited username field length can lead to DoS
High | CVE-2022-3290 was published for rdiffweb (pip) | Sep 27, 2022
rdiffweb's unlimited length email field can lead to DoS
High | CVE-2022-3272 was published for rdiffweb (pip) | Sep 27, 2022
rdiffweb vulnerable to potential DoS via memory consumption
High | CVE-2022-3298 was published for rdiffweb (pip) | Sep 27, 2022
protobuf-cpp and protobuf-python have potential Denial of Service issue
High | CVE-2022-1941 was published for protobuf (pip) | Sep 23, 2022
rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed
High | CVE-2022-3274 was published for rdiffweb (pip) | Sep 23, 2022
Apache Airflow vulnerable to Use of Externally-Controlled Format String
High | CVE-2022-40604 was published for apache-airflow (pip) | Sep 22, 2022
OctoPrint Improper Privilege Management vulnerability
High | CVE-2022-3068 was published for OctoPrint (pip) | Sep 22, 2022
autogluon.multimodal vulnerable to unsafe YAML deserialization
High | GHSA-6h2x-4gjf-jc5w was published for autogluon.multimodal (pip) | Sep 21, 2022
WASM3 Improper Input Validation vulnerability
High | CVE-2022-39974 was published for pywasm3 (pip) | Sep 21, 2022
TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite
High | CVE-2022-35939 was published for tensorflow (pip) | Sep 16, 2022
TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite
High | CVE-2022-35937 was published for tensorflow (pip) | Sep 16, 2022
Hyperledger indy-node vulnerable to denial of service
High | CVE-2022-31006 was published for indy-node (pip) | Sep 16, 2022
Poetry Argument Injection can lead to Local Code Execution
High | CVE-2022-36069 was published for poetry (pip) | Sep 16, 2022
mako is vulnerable to Regular Expression Denial of Service
High | CVE-2022-40023 was published for mako (pip) | Sep 16, 2022
rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
High | CVE-2022-3221 was published for rdiffweb (pip) | Sep 16, 2022
rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
High | CVE-2022-3174 was published for rdiffweb (pip) | Sep 14, 2022
rdiffweb contains Weak Password Requirements
High | CVE-2022-3179 was published for rdiffweb (pip) | Sep 14, 2022
LIEF vulnerable to heap based buffer overflow via print_binary function
High | CVE-2022-38495 was published for lief (pip) | Sep 14, 2022
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS)
High | CVE-2022-37189 was published for mei2volpiano (pip) | Sep 8, 2022
Barbican authorization flaw before v14.0.0
High | CVE-2022-23451 was published for barbican (pip) | Sep 7, 2022
Indy's NODE_UPGRADE transaction vulnerable to remote code execution
High | CVE-2022-31020 was published for indy-node (pip) | Sep 2, 2022
Denial of service due to incorrect application of event authorization rules
High | CVE-2022-31152 was published for matrix-synapse (pip) | Aug 31, 2022
VTK NULL pointer dereference vulnerability
High | CVE-2021-42521 was published for vtk (pip) | Aug 26, 2022
ProTip! Advisories are also available from the GraphQL API.