GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,455 advisories
Filter by severity
Regular expression denial of service in url_regex
Moderate
CVE-2022-21195
was published
for
url_regex
(pip)
May 21, 2022
Cross-site scripting in markdown2 for python
Moderate
CVE-2009-3724
was published
for
markdown2
(pip)
Apr 21, 2022
Missing validation causes denial of service via `StagePeek`
Moderate
CVE-2022-29195
was published
for
tensorflow
(pip)
May 24, 2022
Missing validation results in undefined behavior in `SparseTensorDenseAdd
Moderate
CVE-2022-29206
was published
for
tensorflow
(pip)
May 24, 2022
Missing validation causes denial of service via `LoadAndRemapMatrix`
Moderate
CVE-2022-29199
was published
for
tensorflow
(pip)
May 24, 2022
Undefined behavior when users supply invalid resource handles
Moderate
CVE-2022-29207
was published
for
tensorflow
(pip)
May 24, 2022
Missing validation crashes `QuantizeAndDequantizeV4Grad`
Moderate
CVE-2022-29192
was published
for
tensorflow
(pip)
May 24, 2022
Segfault due to missing support for quantized types
Moderate
CVE-2022-29205
was published
for
tensorflow
(pip)
May 24, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Roundup
Moderate
CVE-2012-6133
was published
for
roundup
(pip)
Apr 23, 2022
Missing validation causes denial of service via `UnsortedSegmentJoin`
Moderate
CVE-2022-29197
was published
for
tensorflow
(pip)
May 24, 2022
Missing validation results in undefined behavior in `QuantizedConv2D`
Moderate
CVE-2022-29201
was published
for
tensorflow
(pip)
May 24, 2022
Integer overflow in `SpaceToBatchND`
Moderate
CVE-2022-29203
was published
for
tensorflow
(pip)
May 24, 2022
Missing validation causes denial of service via `Conv3DBackpropFilterV2`
Moderate
CVE-2022-29204
was published
for
tensorflow
(pip)
May 24, 2022
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Moderate
CVE-2019-9644
was published
for
jupyter-notebook
(pip)
May 14, 2022
Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`
Moderate
CVE-2022-29198
was published
for
tensorflow
(pip)
May 24, 2022
Missing validation causes denial of service via `GetSessionTensor`
Moderate
CVE-2022-29191
was published
for
tensorflow
(pip)
May 24, 2022
Missing validation causes denial of service via `DeleteSessionTensor`
Moderate
CVE-2022-29194
was published
for
tensorflow
(pip)
May 24, 2022
Buffer Copy without Checking Size of Input in NumPy
Moderate
CVE-2021-41496
was published
for
numpy
(pip)
Feb 8, 2022
rdiffweb 2.4.1 Missing Custom Error Page
Moderate
CVE-2022-3175
was published
for
rdiffweb
(pip)
Sep 14, 2022
Sydent DoS (via resource exhaustion) due to improper input validation
Moderate
CVE-2021-29433
was published
for
matrix-sydent
(pip)
Apr 16, 2021
Permissions not properly checked in Invenio-Drafts-Resources
Moderate
CVE-2021-43781
was published
for
invenio-app-rdm
(pip)
Dec 6, 2021
simplejson before 2.6.1 vulnerable to array index error
Moderate
CVE-2014-4616
was published
for
simplejson
(pip)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Moderate
CVE-2021-4180
was published
for
tripleo-heat-templates
(pip)
Mar 24, 2022
Access control issue in AlekSIS-Core
Moderate
CVE-2022-29773
was published
for
aleksis-core
(pip)
Jun 4, 2022
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator
Moderate
CVE-2022-31027
was published
for
oauthenticator
(pip)
Jun 6, 2022
ProTip!
Advisories are also available from the
GraphQL API