GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,981
npm: 3,510
NuGet: 609
pip: 3,085
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
279 advisories
Fides Webserver Vulnerable to Zip Bomb File Uploads
Low | CVE-2023-37480 was published for ethyca-fides (pip) on Jul 18, 2023

SafeURL-Python's hostname blocklist does not block FQDNs
Low | GHSA-373w-rj84-pv6x was published for SafeURL-Python (pip) on Jun 29, 2023

Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Low | CVE-2023-34110 was published for Flask-AppBuilder (pip) on Jun 22, 2023

Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Low | CVE-2023-32683 was published for matrix-synapse (pip) on Jun 6, 2023

Vulnerable OpenSSL included in cryptography wheels
Low | GHSA-5cpq-8wj7-hf2v was published for cryptography (pip) on Jun 2, 2023

MindSpore vulnerable to memory corruption
Low | CVE-2023-2970 was published for mindspore (pip) on May 30, 2023

Vyper's nonpayable default functions are sometimes payable
Low | CVE-2023-32675 was published for vyper (pip) on May 22, 2023

Starlette has Path Traversal vulnerability in StaticFiles
Low | CVE-2023-29159 was published for starlette (pip) on May 17, 2023

kiwi TCMS has possibility for user to update email address to unverified one
Low | CVE-2023-30544 was published for kiwitcms (pip) on Apr 24, 2023

configobj ReDoS exploitable by developer using values in a server-side configuration file
Low | CVE-2023-26112 was published for configobj (pip) on Apr 3, 2023

Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs
Low | CVE-2023-1176 was published for mlflow (pip) on Mar 24, 2023

OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Low | CVE-2022-4134 was published for glance (pip) on Mar 7, 2023

Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Low | CVE-2023-26052 was published for saleor (pip) on Mar 2, 2023

Lemur subject to insecure random generation
Low | GHSA-5fqv-mpj8-h7gm was published for lemur (pip) on Mar 1, 2023

Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Low | CVE-2023-23934 was published for Werkzeug (pip) on Feb 15, 2023

Package discontinued because Bitly lowered the free quota
Low | GHSA-ggrh-grj3-vfvw was published for bitlyshortener (pip) on Nov 28, 2022

Temporary File Information Disclosure vulnerability in MPXJ
Low | CVE-2022-41954 was published for mpxj (Maven) on Nov 28, 2022

`CHECK` failure in `SobolSample` via missing validation
Low | GHSA-cqvq-fvhr-v6hc was published for tensorflow (pip) on Nov 21, 2022

`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode
Low | GHSA-xf83-q765-xm6m was published for tensorflow (pip) on Nov 21, 2022

rdiffweb vulnerable to Improper Cleanup on Thrown Exception
Low | CVE-2022-3301 was published for rdiffweb (pip) on Sep 27, 2022

OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
Low | CVE-2022-2872 was published for OctoPrint (pip) on Sep 22, 2022

TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`
Low | CVE-2022-36016 was published for tensorflow (pip) on Sep 16, 2022

TensorFlow vulnerable to integer overflow in math ops
Low | CVE-2022-36015 was published for tensorflow (pip) on Sep 16, 2022

Python-TUF vulnerable to incorrect threshold signature computation for new root metadata
Low | GHSA-r7vq-6425-j94w was published for tuf (pip) on Sep 15, 2022
ProTip! Advisories are also available from the GraphQL API.