GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,445 advisories
Filter by severity
Cross-site Scripting in FreeTAKServer-UI
Moderate
CVE-2022-25507
was published
for
FreeTAKServer-UI
(pip)
Mar 12, 2022
Path traversal in FreeTAKServer-UI
Moderate
CVE-2022-25511
was published
for
FreeTAKServer-UI
(pip)
Mar 12, 2022
SQL Injection in FreeTAKServer-UI
Moderate
CVE-2022-25506
was published
for
FreeTAKServer-UI
(pip)
Mar 12, 2022
Apache Superset has Improper Access Control
Moderate
CVE-2022-45438
was published
for
apache-superset
(pip)
Jan 16, 2023
Apache Superset Open Redirect vulnerability
Moderate
CVE-2022-43721
was published
for
apache-superset
(pip)
Jan 16, 2023
Apache Superset vulnerable to Injection
Moderate
CVE-2022-43720
was published
for
apache-superset
(pip)
Jan 16, 2023
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection
Moderate
CVE-2022-41703
was published
for
apache-superset
(pip)
Jan 16, 2023
Apache Superset vulnerable to Cross-site Scripting
Moderate
CVE-2022-43717
was published
for
apache-superset
(pip)
Jan 16, 2023
Apache Superset is vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2022-43718
was published
for
apache-superset
(pip)
Jan 16, 2023
Improper Input Validation in pyload-ng
Moderate
CVE-2023-0434
was published
for
pyload-ng
(pip)
Jan 22, 2023
Cross-Site Request Forgery in modoboa
Moderate
CVE-2023-0438
was published
for
modoboa
(pip)
Jan 23, 2023
Modoboa is vulnerable to Cross-Site Request Forgery
Moderate
CVE-2023-0398
was published
for
modoboa
(pip)
Jan 19, 2023
Twisted vulnerable to HTTP Request Smuggling Attacks
Moderate
GHSA-8r99-h8j2-rw64
was published
for
twisted
(pip)
Oct 7, 2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares
Moderate
GHSA-c58j-88f5-h53f
was published
for
pycares
(pip)
Jul 5, 2022
Formula Injection in Exported Data
Moderate
GHSA-7rq4-qcpw-74gq
was published
for
inventree
(pip)
Jun 17, 2022
dompurify vulnerable to Cross-site Scripting
Moderate
GHSA-h6p3-p4vx-wr8q
was published
for
dompurify
(pip)
Jan 11, 2023
dompurify vulnerable to Cross-site Scripting
Moderate
GHSA-pgjv-jrg2-gq3v
was published
for
dompurify
(pip)
Jan 11, 2023
`CHECK` failure in depthwise ops via overflows
Moderate
GHSA-mw6j-hh29-h379
was published
for
tensorflow
(pip)
May 25, 2022
SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc
Moderate
GHSA-cf4q-4cqr-7g7w
was published
for
xml2rfc
(pip)
Apr 22, 2022
Integer Overflow or Wraparound in TensorFlow
Moderate
GHSA-wcv5-vrvr-3rx2
was published
for
tensorflow
(pip)
Feb 9, 2022
Cross-site Scripting and Open Redirect in plone.app.contenttypes
Moderate
GHSA-f7qw-5fgj-247x
was published
for
plone.app.contenttypes
(pip)
Feb 1, 2022
Cross-site Scripting and Open Redirect in Products.CMFPlone
Moderate
GHSA-8w54-22w9-3g8f
was published
for
Products.CMFPlone
(pip)
Jan 28, 2022
Invalid URL generation in bitlyshortener
Moderate
GHSA-rcrv-228c-gprj
was published
for
bitlyshortener
(pip)
Jan 21, 2022
ProTip!
Advisories are also available from the
GraphQL API