GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Advisory counts by ecosystem:

| Ecosystem | Reviewed advisories |
| --- | --- |
| All reviewed | 5,000+ |
| Composer | 3,968 |
| Erlang | 29 |
| GitHub Actions | 16 |
| Go | 1,752 |
| Maven | 4,982 |
| npm | 3,516 |
| NuGet | 609 |
| pip | 3,090 |
| Pub | 10 |
| RubyGems | 832 |
| Rust | 782 |
| Swift | 34 |

Unreviewed advisories (all): 5,000+
365 advisories
| Advisory | Severity | CVE | Package (ecosystem) | Published |
| --- | --- | --- | --- | --- |
| Origin Validation Error in rdiffweb | Critical | CVE-2022-3457 | rdiffweb (pip) | Oct 14, 2022 |
| TensorFlow vulnerable to heap out of bounds read in filesystem glob matching | Critical | CVE-2020-26269 | tensorflow (pip) | Oct 7, 2022 |
| joblib vulnerable to arbitrary code execution | Critical | CVE-2022-21797 | joblib (pip) | Sep 27, 2022 |
| rdiffweb vulnerable to account access via session fixation | Critical | CVE-2022-3269 | rdiffweb (pip) | Sep 25, 2022 |
| python-jwt vulnerable to token forgery with new claims | Critical | CVE-2022-39227 | python-jwt (pip) | Sep 21, 2022 |
| VNCAuthProxy authentication bypass vulnerability | Critical | CVE-2022-36436 | vncauthproxy (pip) | Sep 16, 2022 |
| Apache Airflow Session Fixation vulnerability | Critical | CVE-2022-38054 | apache-airflow (pip) | Sep 3, 2022 |
| NVFLARE unsafe deserialization due to Pickle | Critical | CVE-2022-34668 | nvflare (pip) | Aug 31, 2022 |
| exotel-py 0.1.6 includes code execution backdoor inserted by a third party | Critical | CVE-2022-38792 | exotel (pip) | Aug 28, 2022 |
| Openstack Keystone Incorrect Authorization vulnerability | Critical | CVE-2021-3563 | keystone (pip) | Aug 27, 2022 |
| WMAgent arbitrary code execution via a crafted dbs-client package | Critical | CVE-2022-34558 | global-workqueue (pip) | Jul 29, 2022 |
| Octobot before 0.4.4 mishandles Tentacles upload | Critical | CVE-2021-36711 | OctoBot (pip) | Jul 17, 2022 |
| Ganga allows absolute path traversal | Critical | CVE-2022-31507 | ganga (pip) | Jul 13, 2022 |
| ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function | Critical | CVE-2022-31573 | chainerrl-visualizer (pip) | Jul 12, 2022 |
| Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely | Critical | CVE-2022-31558 | shiva (pip) | Jul 12, 2022 |
| SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely | Critical | CVE-2022-31506 | opendiamond (pip) | Jul 12, 2022 |
| rpc.py vulnerable to Deserialization of Untrusted Data | Critical | CVE-2022-35411 | rpc.py (pip) | Jul 9, 2022 |
| Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection | Critical | CVE-2022-34265 | django (pip) | Jul 5, 2022 |
| Unsafe yaml deserialization in NVFlare | Critical | CVE-2022-31605 | nvflare (pip) | Jun 22, 2022 |
| Unsafe deserialisation in the PKI implementation scheme of NVFlare | Critical | CVE-2022-31604 | nvflare (pip) | Jun 22, 2022 |
| Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication | Critical | CVE-2022-32563 | couchbase (pip) | Jun 11, 2022 |
| Path Traversal in django-s3file | Critical | CVE-2022-24840 | django-s3file (pip) | Jun 6, 2022 |
Advisories are also available from the GraphQL API.