GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,968
Erlang: 39
GitHub Actions: 38
Go: 2,616
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,040
Pub: 12
RubyGems: 953
Rust: 1,050
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

            518 advisories
                    
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow
Critical | GHSA-h6gw-r52c-724r was published for tensorflow (pip) Feb 9, 2022
                    
PaddlePaddle vulnerable to code injection via winstr
Critical | CVE-2022-45908 was published for paddlepaddle (pip) Nov 26, 2022
                    
Remote unauthenticated attackers able to upload files in Onionshare
Critical | CVE-2021-41868 was published for onionshare-cli (pip) Nov 19, 2021
                    
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
Critical | CVE-2022-31558 was published for shiva (pip) Jul 12, 2022
                    
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
Critical | CVE-2022-31573 was published for chainerrl-visualizer (pip) Jul 12, 2022
                    
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10
Critical | CVE-2019-10844 was published for nnabla (pip) May 13, 2022
                    
Apache Airflow Hive Provider vulnerable to Command Injection
Critical | CVE-2022-46421 was published for apache-airflow-providers-apache-hive (pip) Dec 20, 2022
                    
Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Critical | CVE-2020-12889 was published for MISP-maltego (pip) May 24, 2022
                    
OS Command Injection in Apache Airflow
Critical | CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
                    
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Critical | CVE-2023-22884 was published for apache-airflow (pip) Jan 21, 2023
                    
acryl-datahub missing JWT signature check
Critical | CVE-2022-39366 was published for acryl-datahub (pip) Oct 31, 2022
                    
PaddlePaddle Out-of-bounds Read vulnerability
Critical | CVE-2022-46741 was published for paddlepaddle (pip) Dec 7, 2022
                    
wger vulnerable to brute force attempts
Critical | CVE-2022-2650 was published for wger (pip) Nov 24, 2022
                    
Cobbler has Exposed Dangerous Method or Function
Critical | CVE-2018-10931 was published for cobbler (pip) May 13, 2022
                    
Excessive Attack Surface in pyload-ng
Critical | CVE-2023-0435 was published for pyload-ng (pip) Jan 23, 2023
                    
Apache Airflow Google Provider Improper Input Validation vulnerability
Critical | CVE-2023-25691 was published for apache-airflow-providers-google (pip) Feb 24, 2023
                    
Apache Airflow Sqoop Provider Improper Input Validation vulnerability
Critical | CVE-2023-25693 was published for apache-airflow-providers-apache-sqoop (pip) Feb 24, 2023
                    
Apache Airflow Hive Provider Improper Input Validation vulnerability
Critical | CVE-2023-25696 was published for apache-airflow-providers-apache-hive (pip) Feb 24, 2023
                    
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
Critical | CVE-2023-25668 was published for tensorflow (pip) Mar 24, 2023
                    
Use of hard-coded, security-relevant constants in deepset-ai/haystack
Critical | CVE-2023-1712 was published for farm-haystack (pip) Mar 30, 2023
                    
Apache Airflow Hive Provider vulnerable to code injection
Critical | CVE-2023-28706 was published for apache-airflow-providers-apache-hive (pip) Apr 7, 2023
        
ProTip! Advisories are also available from the GraphQL API