GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,336 advisories
Filter by severity
Apache Airflow: Sensitive configuration values are not masked in the logs by default
High
CVE-2024-45784
was published
for
airflow
(pip)
Nov 15, 2024
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web
Moderate
CVE-2021-3988
was published
for
calibreweb
(pip)
Nov 15, 2024
Improper Access Control in janeczku/calibre-web
Moderate
CVE-2021-3987
was published
for
calibreweb
(pip)
Nov 15, 2024
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
Moderate
CVE-2021-3986
was published
for
calibreweb
(pip)
Nov 15, 2024
Missing ratelimit on passwrod resets in zenml
Moderate
CVE-2024-4311
was published
for
zenml
(pip)
Nov 14, 2024
ReDoS in giskard's transformation.py (GHSL-2024-324)
Moderate
CVE-2024-52524
was published
for
giskard
(pip)
Nov 14, 2024
Salt preflight script could be attacker controlled
Moderate
CVE-2023-34049
was published
for
salt
(pip)
Nov 14, 2024
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
CVE-2024-47529
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
Unsafe handling of user-specified cookies in treq
High
CVE-2022-23607
was published
for
treq
(pip)
Feb 1, 2022
The Fuck Arbitrary File Deletion via Path Traversal
High
CVE-2021-34363
was published
for
thefuck
(pip)
Jun 15, 2021
Topydo Improper Input Validation vulnerability
High
CVE-2018-1000523
was published
for
topydo
(pip)
Sep 13, 2018
SQL injection in Tortoise ORM
Moderate
CVE-2020-11010
was published
for
tortoise-orm
(pip)
Apr 20, 2020
Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)
High
CVE-2014-9720
was published
for
tornado
(pip)
May 17, 2022
PyTorch vulnerable to arbitrary code execution
Critical
CVE-2022-45907
was published
for
torch
(pip)
Nov 26, 2022
tlslite-ng off-by-one error on mac checking
High
CVE-2018-1000159
was published
for
tlslite-ng
(pip)
Jul 12, 2018
Heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
Low
CVE-2021-29590
was published
for
tensorflow
(pip)
May 21, 2021
Out of bounds read and write in Tensorflow
High
CVE-2022-23574
was published
for
tensorflow
(pip)
Feb 9, 2022
Uninitialized variable access in Tensorflow
High
CVE-2022-23573
was published
for
tensorflow
(pip)
Feb 9, 2022
Crash when type cannot be specialized in Tensorflow
High
CVE-2022-23572
was published
for
tensorflow
(pip)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API