Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,050
Erlang
29
GitHub Actions
19
Go
1,876
Maven
5,000+
npm
3,602
NuGet
638
pip
3,199
Pub
10
RubyGems
852
Rust
813
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,486 advisories

Apache Superset's SQL Alchemy connector vulnerable to SQL Injection Moderate
CVE-2022-41703 was published for apache-superset (pip) Jan 16, 2023
Apache Superset vulnerable to Cross-site Scripting Moderate
CVE-2022-43717 was published for apache-superset (pip) Jan 16, 2023
Apache Superset is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-43718 was published for apache-superset (pip) Jan 16, 2023
Improper Input Validation in pyload-ng Moderate
CVE-2023-0434 was published for pyload-ng (pip) Jan 22, 2023
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0438 was published for modoboa (pip) Jan 23, 2023
Modoboa is vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-0398 was published for modoboa (pip) Jan 19, 2023
Twisted vulnerable to HTTP Request Smuggling Attacks Moderate
GHSA-8r99-h8j2-rw64 was published for twisted (pip) Oct 7, 2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares Moderate
GHSA-c58j-88f5-h53f was published for pycares (pip) Jul 5, 2022
Formula Injection in Exported Data Moderate
GHSA-7rq4-qcpw-74gq was published for inventree (pip) Jun 17, 2022
saharshtapi
dompurify vulnerable to Cross-site Scripting Moderate
GHSA-h6p3-p4vx-wr8q was published for dompurify (pip) Jan 11, 2023
dompurify vulnerable to Cross-site Scripting Moderate
GHSA-pgjv-jrg2-gq3v was published for dompurify (pip) Jan 11, 2023
`CHECK` failure in depthwise ops via overflows Moderate
GHSA-mw6j-hh29-h379 was published for tensorflow (pip) May 25, 2022
SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc Moderate
GHSA-cf4q-4cqr-7g7w was published for xml2rfc (pip) Apr 22, 2022
Command injection in guake Moderate
CVE-2021-23556 was published for guake (pip) Mar 18, 2022
Open Redirect in archivy Moderate
CVE-2022-0697 was published for archivy (pip) Mar 8, 2022
Integer Overflow or Wraparound in TensorFlow Moderate
GHSA-wcv5-vrvr-3rx2 was published for tensorflow (pip) Feb 9, 2022
Cross-site Scripting and Open Redirect in plone.app.contenttypes Moderate
GHSA-f7qw-5fgj-247x was published for plone.app.contenttypes (pip) Feb 1, 2022
Cross-site Scripting and Open Redirect in Products.CMFPlone Moderate
GHSA-8w54-22w9-3g8f was published for Products.CMFPlone (pip) Jan 28, 2022
Invalid URL generation in bitlyshortener Moderate
GHSA-rcrv-228c-gprj was published for bitlyshortener (pip) Jan 21, 2022
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint Moderate
CVE-2020-26891 was published for matrix-synapse (pip) Oct 16, 2020
dkasak
ReDoS in LDAP schema parser Moderate
GHSA-r8wq-qrxc-hmcm was published for python-ldap (pip) Nov 29, 2021
Open redirect in Flask-Unchained Moderate
CVE-2021-23393 was published for Flask-Unchained (pip) Jun 15, 2021
Improper Input Validation in OpenCV Moderate
CVE-2016-1517 was published for opencv-contrib-python (pip) Oct 12, 2021
Out-of-bounds Write in OpenCV Moderate
CVE-2017-14136 was published for opencv-contrib-python (pip) Oct 12, 2021
Cross-site Scripting in python-cjson Moderate
CVE-2009-4924 was published for python-cjson (pip) Dec 6, 2021
ProTip! Advisories are also available from the GraphQL API