Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,981
npm
3,510
NuGet
609
pip
3,085
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

279 advisories

Loading
Fides Webserver Vulnerable to Zip Bomb File Uploads Low
CVE-2023-37480 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet
SafeURL-Python's hostname blocklist does not block FQDNs Low
GHSA-373w-rj84-pv6x was published for SafeURL-Python (pip) Jun 29, 2023
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error Low
CVE-2023-34110 was published for Flask-AppBuilder (pip) Jun 22, 2023
msegoviag
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews Low
CVE-2023-32683 was published for matrix-synapse (pip) Jun 6, 2023
Vulnerable OpenSSL included in cryptography wheels Low
GHSA-5cpq-8wj7-hf2v was published for cryptography (pip) Jun 2, 2023
MindSpore vulnerable to memory corruption Low
CVE-2023-2970 was published for mindspore (pip) May 30, 2023
Vyper's nonpayable default functions are sometimes payable Low
CVE-2023-32675 was published for vyper (pip) May 22, 2023
trocher
Starlette has Path Traversal vulnerability in StaticFiles Low
CVE-2023-29159 was published for starlette (pip) May 17, 2023
aminalaee
kiwi TCMS has possibility for user to update email address to unverified one Low
CVE-2023-30544 was published for kiwitcms (pip) Apr 24, 2023
configobj ReDoS exploitable by developer using values in a server-side configuration file Low
CVE-2023-26112 was published for configobj (pip) Apr 3, 2023
redis-py Race Condition vulnerability Low
CVE-2023-28858 was published for redis (pip) Mar 26, 2023
Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs Low
CVE-2023-1176 was published for mlflow (pip) Mar 24, 2023
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability Low
CVE-2022-4134 was published for glance (pip) Mar 7, 2023
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions Low
CVE-2023-26052 was published for saleor (pip) Mar 2, 2023
Lemur subject to insecure random generation Low
GHSA-5fqv-mpj8-h7gm was published for lemur (pip) Mar 1, 2023
kjsman
Incorrect parsing of nameless cookies leads to __Host- cookies bypass Low
CVE-2023-23934 was published for Werkzeug (pip) Feb 15, 2023
lavish
Package discontinued because Bitly lowered the free quota Low
GHSA-ggrh-grj3-vfvw was published for bitlyshortener (pip) Nov 28, 2022
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
`CHECK` failure in `SobolSample` via missing validation Low
GHSA-cqvq-fvhr-v6hc was published for tensorflow (pip) Nov 21, 2022
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode Low
GHSA-xf83-q765-xm6m was published for tensorflow (pip) Nov 21, 2022
rdiffweb vulnerable to Improper Cleanup on Thrown Exception Low
CVE-2022-3301 was published for rdiffweb (pip) Sep 27, 2022
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type Low
CVE-2022-2872 was published for OctoPrint (pip) Sep 22, 2022
TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs` Low
CVE-2022-36016 was published for tensorflow (pip) Sep 16, 2022
TensorFlow vulnerable to integer overflow in math ops Low
CVE-2022-36015 was published for tensorflow (pip) Sep 16, 2022
Python-TUF vulnerable to incorrect threshold signature computation for new root metadata Low
GHSA-r7vq-6425-j94w was published for tuf (pip) Sep 15, 2022
trishankatdatadog
ProTip! Advisories are also available from the GraphQL API