GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
Integer truncation in Shard API usage
High
CVE-2020-15202
was published
for
tensorflow
(pip)
Sep 25, 2020
Ory fosite contains Improper Handling of Exceptional Conditions
High
CVE-2020-15223
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
Incorrect handling of H2 GOAWAY + SETTINGS frames
High
CVE-2021-39162
was published
for
github.com/pomerium/pomerium
(Go)
Sep 10, 2021
Crash when type cannot be specialized in Tensorflow
High
CVE-2022-23572
was published
for
tensorflow
(pip)
Feb 9, 2022
Segfault in `simplifyBroadcast` in Tensorflow
High
CVE-2022-23593
was published
for
tensorflow
(pip)
Feb 9, 2022
Assertion failure based denial of service in Tensorflow
High
CVE-2022-21737
was published
for
tensorflow
(pip)
Feb 9, 2022
Type confusion leading to segfault in Tensorflow
High
CVE-2022-21731
was published
for
tensorflow
(pip)
Feb 10, 2022
Improper Check for Unusual or Exceptional Conditions in Elasticsearch
High
CVE-2022-23712
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jun 7, 2022
Improper Handling of `callbackUrl` parameter in next-auth
High
CVE-2022-31093
was published
for
next-auth
(npm)
Jun 21, 2022
Improper handling of CSS at-rules in lettersanitizer
High
CVE-2022-31103
was published
for
lettersanitizer
(npm)
Jun 23, 2022
fastify vulnerable to denial of service via malicious Content-Type
High
CVE-2022-39288
was published
for
fastify
(npm)
Oct 11, 2022
Feathers socket handler allows abusing implicit toString
High
CVE-2023-37899
was published
for
@feathersjs/socketio
(npm)
Jul 20, 2023
json2xml Uncaught Exception vulnerability
High
CVE-2022-25024
was published
for
json2xml
(pip)
Aug 23, 2023
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions
High
CVE-2023-45812
was published
for
apollo-router
(Rust)
Oct 19, 2023
XSS sidekiq-unique-jobs UI server vulnerability
High
CVE-2024-25122
was published
for
sidekiq-unique-jobs
(RubyGems)
Feb 13, 2024
HPACK decoder panics on invalid input
High
GHSA-w7hm-hmxv-pvhf
was published
for
hpack
(Rust)
Apr 5, 2024
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
High
CVE-2024-34360
was published
for
github.com/spacemeshos/api
(Go)
May 10, 2024
Tor Arti's STUB circuits incorrectly have a length of 2
High
CVE-2024-35312
was published
for
arti
(Rust)
May 18, 2024
Directus is soft-locked by providing a string value to random string util
High
CVE-2024-36128
was published
for
directus
(npm)
Jun 4, 2024
LNbits improperly handles potential network and payment failures when using Eclair backend
High
CVE-2024-34694
was published
for
lnbits
(pip)
Jun 17, 2024
Jenkins Remoting library arbitrary file read vulnerability
High
CVE-2024-43044
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
ProTip!
Advisories are also available from the
GraphQL API