GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
95 advisories
Filter by severity
django Filer Unrestricted Upload of File with Dangerous Type
Moderate
CVE-2024-11404
was published
for
django-filer
(pip)
Nov 20, 2024
Apache Superset server arbitrary file read
Moderate
CVE-2024-34693
was published
for
apache-superset
(pip)
Jun 20, 2024
vyper performs incorrect topic logging in raw_log
Moderate
CVE-2024-32645
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs double eval of the slice start/length args in certain cases
Moderate
CVE-2024-32646
was published
for
vyper
(pip)
Apr 25, 2024
Apache Superset: Improper Neutralization of custom SQL on embedded context
Moderate
CVE-2024-24772
was published
for
apache-superset
(pip)
Feb 28, 2024
Privilege escalation for users that can access mock configuration
Moderate
CVE-2023-6395
was published
for
templated_dictionary
(pip)
Jan 16, 2024
Improper Input Validation in mindsdb
Moderate
CVE-2023-49796
was published
for
mindsdb
(pip)
Dec 12, 2023
DockerSpawner allows any image by default
Moderate
CVE-2023-48311
was published
for
dockerspawner
(pip)
Dec 8, 2023
aiohttp's ClientSession is vulnerable to CRLF injection via version
Moderate
CVE-2023-49081
was published
for
aiohttp
(pip)
Nov 27, 2023
aiohttp's ClientSession is vulnerable to CRLF injection via method
Moderate
CVE-2023-49082
was published
for
aiohttp
(pip)
Nov 27, 2023
Microsoft Common Data Model SDK Denial of Service Vulnerability
Moderate
CVE-2023-36566
was published
for
Microsoft.CommonDataModel.ObjectModel
(Maven)
Oct 10, 2023
Apache Superset Improper Input Validation vulnerability
Moderate
CVE-2023-39265
was published
for
apache-superset
(pip)
Sep 6, 2023
Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability
Moderate
CVE-2023-35798
was published
for
apache-airflow-providers-microsoft-mssql
(pip)
Jun 27, 2023
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
Moderate
CVE-2023-34239
was published
for
gradio
(pip)
Jun 9, 2023
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
Moderate
CVE-2023-32323
was published
for
matrix-synapse
(pip)
May 24, 2023
TensorFlow Denial of Service vulnerability
Moderate
CVE-2023-25661
was published
for
tensorflow
(pip)
Mar 27, 2023
Improper Input Validation in pyload-ng
Moderate
CVE-2023-0434
was published
for
pyload-ng
(pip)
Jan 22, 2023
Segfault in `CompositeTensorVariantToComponents`
Moderate
CVE-2022-41909
was published
for
tensorflow
(pip)
Nov 21, 2022
`CHECK` fail via inputs in `PyFunc`
Moderate
CVE-2022-41908
was published
for
tensorflow
(pip)
Nov 21, 2022
`CHECK_EQ` fail via input in `SparseMatrixNNZ`
Moderate
CVE-2022-41901
was published
for
tensorflow
(pip)
Nov 21, 2022
`CHECK` fail via inputs in `SdcaOptimizer`
Moderate
CVE-2022-41899
was published
for
tensorflow
(pip)
Nov 21, 2022
`CHECK` fail via inputs in `SparseFillEmptyRowsGrad`
Moderate
CVE-2022-41898
was published
for
tensorflow
(pip)
Nov 21, 2022
Segfault in `tf.raw_ops.TensorListConcat`
Moderate
CVE-2022-41891
was published
for
tensorflow
(pip)
Nov 21, 2022
FPE in `tf.image.generate_bounding_box_proposals`
Moderate
CVE-2022-41888
was published
for
tensorflow
(pip)
Nov 21, 2022
ProTip!
Advisories are also available from the
GraphQL API