GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,336 advisories

Apache Airflow: Sensitive configuration values are not masked in the logs by default High
CVE-2024-45784 was published for airflow (pip) Nov 15, 2024
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web Moderate
CVE-2021-3988 was published for calibreweb (pip) Nov 15, 2024
Improper Access Control in janeczku/calibre-web Moderate
CVE-2021-3987 was published for calibreweb (pip) Nov 15, 2024
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web Moderate
CVE-2021-3986 was published for calibreweb (pip) Nov 15, 2024
Missing ratelimit on password resets in zenml Moderate
CVE-2024-4311 was published for zenml (pip) Nov 14, 2024
ReDoS in giskard's transformation.py (GHSL-2024-324) Moderate
CVE-2024-52524 was published for giskard (pip) Nov 14, 2024
kevinbackhouse
Salt preflight script could be attacker controlled Moderate
CVE-2023-34049 was published for salt (pip) Nov 14, 2024
OpenC3 stores passwords in clear text (`GHSL-2024-129`) Moderate
CVE-2024-47529 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
Unsafe handling of user-specified cookies in treq High
CVE-2022-23607 was published for treq (pip) Feb 1, 2022
glyph twm
The Fuck Arbitrary File Deletion via Path Traversal High
CVE-2021-34363 was published for thefuck (pip) Jun 15, 2021
RSA weakness in tlslite-ng High
CVE-2020-26263 was published for tlslite-ng (pip) Dec 21, 2020
tomato42
Topydo Improper Input Validation vulnerability High
CVE-2018-1000523 was published for topydo (pip) Sep 13, 2018
Session Fixation in Tryton High
CVE-2018-19443 was published for tryton (pip) Nov 29, 2018
SQL injection in Tortoise ORM Moderate
CVE-2020-11010 was published for tortoise-orm (pip) Apr 20, 2020
Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack) High
CVE-2014-9720 was published for tornado (pip) May 17, 2022
PyTorch vulnerable to arbitrary code execution Critical
CVE-2022-45907 was published for torch (pip) Nov 26, 2022
WilliamsCJ
tlslite-ng off-by-one error on mac checking High
CVE-2018-1000159 was published for tlslite-ng (pip) Jul 12, 2018
Heap OOB read in TFLite's implementation of `Minimum` or `Maximum` Low
CVE-2021-29590 was published for tensorflow (pip) May 21, 2021
Memory leak in Tensorflow Moderate
CVE-2022-23578 was published for tensorflow (pip) Feb 10, 2022
Null-dereference in Tensorflow High
CVE-2022-23577 was published for tensorflow (pip) Feb 10, 2022
Integer overflow in Tensorflow High
CVE-2022-23576 was published for tensorflow (pip) Feb 10, 2022
Integer overflow in Tensorflow High
CVE-2022-23575 was published for tensorflow (pip) Feb 10, 2022
Out of bounds read and write in Tensorflow High
CVE-2022-23574 was published for tensorflow (pip) Feb 9, 2022
Uninitialized variable access in Tensorflow High
CVE-2022-23573 was published for tensorflow (pip) Feb 9, 2022
Crash when type cannot be specialized in Tensorflow High
CVE-2022-23572 was published for tensorflow (pip) Feb 9, 2022