Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

57 advisories

Loading
Segmentation faultin TensorFlow when converting a Python string to `tf.float16` High
CVE-2020-5215 was published for tensorflow (pip) Jan 28, 2020
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 Low
GHSA-3h5r-928v-mxhh was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Improper Check for Unusual or Exceptional Conditions in Elasticsearch High
CVE-2022-23712 was published for org.elasticsearch:elasticsearch (Maven) Jun 7, 2022
Improper Handling of `callbackUrl` parameter in next-auth High
CVE-2022-31093 was published for next-auth (npm) Jun 21, 2022
stensrud
Improper handling of CSS at-rules in lettersanitizer High
CVE-2022-31103 was published for lettersanitizer (npm) Jun 23, 2022
Unexpected server crash in Next.js Moderate
CVE-2022-36046 was published for next (npm) Aug 30, 2022
Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT Critical
CVE-2019-17195 was published for com.nimbusds:nimbus-jose-jwt (Maven) Oct 16, 2019
Integer truncation in Shard API usage Critical
CVE-2020-15202 was published for tensorflow (pip) Sep 25, 2020
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 Low
CVE-2018-25007 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
CHECK-fail in `QuantizeAndDequantizeV4Grad` Low
CVE-2021-29544 was published for tensorflow (pip) May 21, 2021
CHECK-fail in SparseConcat Low
CVE-2021-29534 was published for tensorflow (pip) May 21, 2021
CHECK-fail in DrawBoundingBoxes Low
CVE-2021-29533 was published for tensorflow (pip) May 21, 2021
CHECK-fail in tf.raw_ops.EncodePng Low
CVE-2021-29531 was published for tensorflow (pip) May 21, 2021
Incomplete validation in `SparseSparseMinimum` Moderate
CVE-2021-29607 was published for tensorflow (pip) Mar 18, 2022
Authz Module Non-Determinism Moderate
CVE-2021-41135 was published for github.com/cosmos/cosmos-sdk (Go) Oct 21, 2021
robert-zaremba iramiller
Incorrect handling of H2 GOAWAY + SETTINGS frames High
CVE-2021-39162 was published for github.com/pomerium/pomerium (Go) Sep 10, 2021
Denial of Service (DoS) in mongo-express Moderate
CVE-2021-23372 was published for mongo-express (npm) Oct 6, 2021
Uncaught Exception in mercurius High
CVE-2021-43801 was published for mercurius (npm) Dec 13, 2021
fastify vulnerable to denial of service via malicious Content-Type High
CVE-2022-39288 was published for fastify (npm) Oct 11, 2022
B-i-t-K
Assertion failure based denial of service in Tensorflow Moderate
CVE-2022-21737 was published for tensorflow (pip) Feb 9, 2022
Type confusion leading to segfault in Tensorflow Moderate
CVE-2022-21731 was published for tensorflow (pip) Feb 10, 2022
Crash due to erroneous `StatusOr` in TensorFlow Moderate
CVE-2022-23590 was published for tensorflow (pip) Feb 9, 2022
Segfault in `simplifyBroadcast` in Tensorflow Moderate
CVE-2022-23593 was published for tensorflow (pip) Feb 9, 2022
Froxlor contains Unchecked Error Condition Moderate
CVE-2023-0572 was published for froxlor/froxlor (Composer) Jan 30, 2023
Ory fosite contains Improper Handling of Exceptional Conditions High
CVE-2020-15223 was published for github.com/ory/fosite (Go) May 24, 2021
jclebreton
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database