GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
411 advisories
Filter by severity
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow
Critical
GHSA-h6gw-r52c-724r
was published
for
tensorflow
(pip)
Feb 9, 2022
PaddlePaddle vulnerable to code injection via winstr
Critical
CVE-2022-45908
was published
for
paddlepaddle
(pip)
Nov 26, 2022
Remote unauthenticated attackers able to upload files in Onionshare
Critical
CVE-2021-41868
was published
for
onionshare-cli
(pip)
Nov 19, 2021
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
Critical
CVE-2022-31558
was published
for
shiva
(pip)
Jul 12, 2022
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
Critical
CVE-2022-31573
was published
for
chainerrl-visualizer
(pip)
Jul 12, 2022
WMAgent arbitrary code execution via a crafted dbs-client package
Critical
CVE-2022-34558
was published
for
global-workqueue
(pip)
Jul 29, 2022
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10
Critical
CVE-2019-10844
was published
for
nnabla
(pip)
May 13, 2022
Apache Airflow Hive Provider vulnerable to Command Injection
Critical
CVE-2022-46421
was published
for
apache-airflow-providers-apache-hive
(pip)
Dec 20, 2022
Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Critical
CVE-2020-12889
was published
for
MISP-maltego
(pip)
May 24, 2022
Origin Validation Error in rdiffweb
Critical
CVE-2022-3457
was published
for
rdiffweb
(pip)
Oct 14, 2022
exotel-py 0.1.6 includes code execution backdoor inserted by a third party
Critical
CVE-2022-38792
was published
for
exotel
(pip)
Aug 28, 2022
OS Command Injection in Apache Airflow
Critical
CVE-2022-40189
was published
for
apache-airflow
(pip)
Nov 22, 2022
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Critical
CVE-2023-22884
was published
for
apache-airflow
(pip)
Jan 21, 2023
acryl-datahub missing JWT signature check
Critical
CVE-2022-39366
was published
for
acryl-datahub
(pip)
Oct 31, 2022
PaddlePaddle Out-of-bounds Read vulnerability
Critical
CVE-2022-46741
was published
for
paddlepaddle
(pip)
Dec 7, 2022
wger vulnerable to brute force attempts
Critical
CVE-2022-2650
was published
for
wger
(pip)
Nov 24, 2022
Cobbler has Exposed Dangerous Method or Function
Critical
CVE-2018-10931
was published
for
cobbler
(pip)
May 13, 2022
Excessive Attack Surface in pyload-ng
Critical
CVE-2023-0435
was published
for
pyload-ng
(pip)
Jan 23, 2023
Apache Airflow Google Provider Improper Input Validation vulnerability
Critical
CVE-2023-25691
was published
for
apache-airflow-providers-google
(pip)
Feb 24, 2023
ProTip!
Advisories are also available from the
GraphQL API