GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

434 advisories

TensorFlow vulnerable to segfault in `QuantizeDownAndShrinkRange` Moderate
CVE-2022-35974 was published for tensorflow (pip) Sep 16, 2022
TensorFlow vulnerable to segfault in `QuantizedMatMul` Moderate
CVE-2022-35973 was published for tensorflow (pip) Sep 16, 2022
TensorFlow vulnerable to segfault in `QuantizedBiasAdd` Moderate
CVE-2022-35972 was published for tensorflow (pip) Sep 16, 2022
TensorFlow vulnerable to segfault in `QuantizedInstanceNorm` Moderate
CVE-2022-35970 was published for tensorflow (pip) Sep 16, 2022
TensorFlow vulnerable to segfault in `QuantizedAdd` Moderate
CVE-2022-35967 was published for tensorflow (pip) Sep 16, 2022
TensorFlow vulnerable to segfault in `QuantizedAvgPool` Moderate
CVE-2022-35966 was published for tensorflow (pip) Sep 16, 2022
TensorFlow vulnerable to segfault in `BlockLSTMGradV2` Moderate
CVE-2022-35964 was published for tensorflow (pip) Sep 16, 2022
TensorFlow vulnerable to segfault in `Requantize` Moderate
CVE-2022-36017 was published for tensorflow (pip) Sep 16, 2022
TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions Moderate
CVE-2022-36027 was published for tensorflow (pip) Sep 16, 2022
OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI Moderate
CVE-2022-36087 was published for oauthlib (pip) Sep 16, 2022
SCH227 loljawn
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent Moderate
CVE-2022-36032 was published for react/http (Composer) Sep 16, 2022
lavish
mangadex-downloader vulnerable to unauthorized file reading Moderate
CVE-2022-36082 was published for mangadex-downloader (pip) Sep 16, 2022
Duplicate Advisory: Keycloak user may register themselves with same email ID of any existing user Moderate
GHSA-j9xq-j329-2xvg was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022 withdrawn
Keycloak vulnerable to Improper Certificate Validation Moderate
CVE-2020-35509 was published for org.keycloak:keycloak-core (Maven) Aug 24, 2022
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server Moderate
CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz DavidKorczynski
AutoUpdater module fails to validate certain nested components of the bundle Moderate
CVE-2022-29257 was published for electron (npm) Jun 16, 2022
Calico vulnerable to pod route hijacking Moderate
CVE-2022-28224 was published for github.com/projectcalico/calico (Go) Jun 7, 2022
joshbressers
Incomplete validation in signal ops leads to crashes in TensorFlow Moderate
CVE-2022-29213 was published for tensorflow (pip) May 24, 2022
Core dump when loading TFLite models with quantization in TensorFlow Moderate
CVE-2022-29212 was published for tensorflow (pip) May 24, 2022
Segfault if `tf.histogram_fixed_width` is called with NaN values in TensorFlow Moderate
CVE-2022-29211 was published for tensorflow (pip) May 24, 2022
Undefined behavior when users supply invalid resource handles Moderate
CVE-2022-29207 was published for tensorflow (pip) May 24, 2022
Missing validation results in undefined behavior in `SparseTensorDenseAdd` Moderate
CVE-2022-29206 was published for tensorflow (pip) May 24, 2022
Missing validation causes denial of service via `Conv3DBackpropFilterV2` Moderate
CVE-2022-29204 was published for tensorflow (pip) May 24, 2022
Denial of service in `tf.ragged.constant` due to lack of validation Moderate
CVE-2022-29202 was published for tensorflow (pip) May 24, 2022
Missing validation results in undefined behavior in `QuantizedConv2D` Moderate
CVE-2022-29201 was published for tensorflow (pip) May 24, 2022