GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
Code execution vulnerability in HtmlUnit
High
CVE-2020-5529
was published
for
net.sourceforge.htmlunit:htmlunit
(Maven)
May 21, 2020
Incomplete validation in `SparseAdd`
Moderate
CVE-2021-29609
was published
for
tensorflow
(pip)
May 21, 2021
Invalid validation in `QuantizeAndDequantizeV2`
Low
CVE-2021-29610
was published
for
tensorflow
(pip)
May 21, 2021
Incomplete validation in `SparseReshape`
Low
CVE-2021-29611
was published
for
tensorflow
(pip)
May 21, 2021
Incomplete validation in `tf.raw_ops.CTCLoss`
Moderate
CVE-2021-29613
was published
for
tensorflow
(pip)
May 21, 2021
Interpreter crash from `tf.io.decode_raw`
Moderate
CVE-2021-29614
was published
for
tensorflow
(pip)
May 21, 2021
Use of Uninitialized Resource in alg_ds
Critical
CVE-2020-36432
was published
for
alg_ds
(Rust)
Aug 25, 2021
UUPSUpgradeable vulnerability in @openzeppelin/contracts
Critical
CVE-2021-41264
was published
for
@openzeppelin/contracts
(npm)
Sep 15, 2021
OpenZeppelin Contracts initializer reentrancy may lead to double initialization
Moderate
CVE-2022-39384
was published
for
@openzeppelin/contracts
(npm)
Dec 14, 2021
Resource Exhaustion Denial of Service in http-proxy-agent
Moderate
CVE-2019-10196
was published
for
http-proxy-agent
(npm)
Jan 6, 2022
Improper Initialization in Pillow
Moderate
CVE-2022-22815
was published
for
Pillow
(pip)
Jan 12, 2022
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
High
CVE-2022-21724
was published
for
org.postgresql:postgresql
(Maven)
Feb 2, 2022
Improper Initialization in OpenZeppelin
High
CVE-2021-46320
was published
for
@openzeppelin/contracts
(npm)
Feb 5, 2022
TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm
High
CVE-2020-8918
was published
for
github.com/google/go-tpm
(Go)
Feb 11, 2022
Moby Docker cp broken with debian containers
Critical
CVE-2019-14271
was published
for
github.com/docker/docker
(Go)
May 24, 2022
Apache Calcite Avatica JDBC driver arbitrary code execution
High
CVE-2022-36364
was published
for
org.apache.calcite.avatica:avatica-core
(Maven)
Jul 29, 2022
Elrond-go has improper initialization
Critical
CVE-2022-36061
was published
for
github.com/ElrondNetwork/elrond-go
(Go)
Sep 16, 2022
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Low
CVE-2022-39284
was published
for
codeigniter4/framework
(Composer)
Oct 6, 2022
NodeBB vulnerable to account takeover via prototype vulnerability
Critical
CVE-2022-46164
was published
for
nodebb
(npm)
Dec 5, 2022
Tokio reject_remote_clients configuration may get dropped when creating a Windows named pipe
Moderate
CVE-2023-22466
was published
for
tokio
(Rust)
Jan 6, 2023
Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure
Moderate
CVE-2023-40349
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
Aug 16, 2023
ProTip!
Advisories are also available from the
GraphQL API