Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

365 advisories

Loading
Origin Validation Error in rdiffweb Critical
CVE-2022-3457 was published for rdiffweb (pip) Oct 14, 2022
TensorFlow vulnerable to heap out of bounds read in filesystem glob matching Critical
CVE-2020-26269 was published for tensorflow (pip) Oct 7, 2022
joblib vulnerable to arbitrary code execution Critical
CVE-2022-21797 was published for joblib (pip) Sep 27, 2022
dawookie
rdiffweb vulnerable to account access via session fixation Critical
CVE-2022-3269 was published for rdiffweb (pip) Sep 25, 2022
python-jwt vulnerable to token forgery with new claims Critical
CVE-2022-39227 was published for python-jwt (pip) Sep 21, 2022
TomTervoort
VNCAuthProxy authentication bypass vulnerability Critical
CVE-2022-36436 was published for vncauthproxy (pip) Sep 16, 2022
Apache Airflow Session Fixation vulnerability Critical
CVE-2022-38054 was published for apache-airflow (pip) Sep 3, 2022
NVFLARE unsafe deserialization due to Pickle Critical
CVE-2022-34668 was published for nvflare (pip) Aug 31, 2022
exotel-py 0.1.6 includes code execution backdoor inserted by a third party Critical
CVE-2022-38792 was published for exotel (pip) Aug 28, 2022
Openstack Keystone Incorrect Authorization vulnerability Critical
CVE-2021-3563 was published for keystone (pip) Aug 27, 2022
WMAgent arbitrary code execution via a crafted dbs-client package Critical
CVE-2022-34558 was published for global-workqueue (pip) Jul 29, 2022
Octobot before 0.4.4 mishandles Tentacles upload Critical
CVE-2021-36711 was published for OctoBot (pip) Jul 17, 2022
Ganga allows absolute path traversal Critical
CVE-2022-31507 was published for ganga (pip) Jul 13, 2022
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function Critical
CVE-2022-31573 was published for chainerrl-visualizer (pip) Jul 12, 2022
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely Critical
CVE-2022-31558 was published for shiva (pip) Jul 12, 2022
SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely Critical
CVE-2022-31506 was published for opendiamond (pip) Jul 12, 2022
rpc.py vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-35411 was published for rpc.py (pip) Jul 9, 2022
Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection Critical
CVE-2022-34265 was published for django (pip) Jul 5, 2022
Unsafe yaml deserialization in NVFlare Critical
CVE-2022-31605 was published for nvflare (pip) Jun 22, 2022
Unsafe deserialisation in the PKI implementation scheme of NVFlare Critical
CVE-2022-31604 was published for nvflare (pip) Jun 22, 2022
Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication Critical
CVE-2022-32563 was published for couchbase (pip) Jun 11, 2022
Backdoor in api-res-py Critical
CVE-2022-31313 was published for api-res-py (pip) Jun 9, 2022
Path Traversal in django-s3file Critical
CVE-2022-24840 was published for django-s3file (pip) Jun 6, 2022
tunecrew syphar
herrbenesch codingjoe
Denial of service in bottle Critical
CVE-2022-31799 was published for bottle (pip) Jun 3, 2022
Embedded Malicious Code in ctx Critical
GHSA-67r3-h899-9w95 was published for ctx (pip) Jun 2, 2022
ProTip! Advisories are also available from the GraphQL API