GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,401 advisories
Filter by severity
Null pointer dereference and heap OOB read in operations restoring tensors
High
CVE-2021-37639
was published
for
tensorflow
(pip)
Aug 25, 2021
Heap buffer overflow in `FractionalAvgPoolGrad`
High
CVE-2021-37651
was published
for
tensorflow
(pip)
Aug 25, 2021
Heap OOB and CHECK fail in `ResourceGather`
High
CVE-2021-37654
was published
for
tensorflow
(pip)
Aug 25, 2021
Heap OOB in `ResourceScatterUpdate`
High
CVE-2021-37655
was published
for
tensorflow
(pip)
Aug 25, 2021
Reference binding to nullptr and heap OOB in binary cwise ops
High
CVE-2021-37659
was published
for
tensorflow
(pip)
Aug 25, 2021
Heap OOB in nested `tf.map_fn` with `RaggedTensor`s
High
CVE-2021-37679
was published
for
tensorflow
(pip)
Aug 25, 2021
Pillow Out-of-bounds Read vulnerability
High
CVE-2021-25288
was published
for
Pillow
(pip)
Jun 8, 2021
Out-of-bounds read in Apache Thrift
High
CVE-2019-0210
was published
for
github.com/apache/thrift
(Go)
May 18, 2021
Segfault in `tf.quantization.quantize_and_dequantize`
High
CVE-2020-15265
was published
for
tensorflow
(pip)
Nov 13, 2020
Data corruption in tensorflow-lite
High
CVE-2020-15208
was published
for
tensorflow
(pip)
Sep 25, 2020
Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.
High
CVE-2018-21233
was published
for
tensorflow
(pip)
May 13, 2020
Out-of-bounds Read in base64-url
High
GHSA-j4mr-9xw3-c9jx
was published
for
base64-url
(npm)
May 31, 2019
Improper Input Validation and Buffer Over-read in mqtt-packet
High
CVE-2019-5432
was published
for
mqtt-packet
(npm)
May 14, 2019
Denial of service or RCE from libxml2 and libxslt
High
CVE-2015-8806
was published
for
nokogiri
(RubyGems)
Sep 17, 2018
ProTip!
Advisories are also available from the
GraphQL API