Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,798
Maven
5,000+
npm
4,424
NuGet
772
pip
4,192
Pub
12
RubyGems
968
Rust
1,083
Swift
46
Unreviewed advisories
All unreviewed
5,000+

25,306 advisories

Loading
TensorFlow Denial of Service vulnerability Moderate
CVE-2023-25661 was published for tensorflow (pip) Mar 27, 2023
dengyinlin
Credited to dengyinlin
Complianz WordPress plugin vulnerable to cross-site scripting Moderate
CVE-2023-1069 was published for really-simple-plugins/complianz-gdpr (Composer) Mar 27, 2023
Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module Moderate
CVE-2023-27096 was published for cn.hippo4j:hippo4j-all (Maven) Mar 27, 2023
Apache InLong vulnerable to JDBC Deserialization of Untrusted Data High
CVE-2023-27296 was published for org.apache.inlong:inlong-manager (Maven) Mar 27, 2023
GraphQL Java vulnerable to stack consumption High
CVE-2023-28867 was published for com.graphql-java:graphql-java (Maven) Mar 27, 2023
Duplicate Advisory: pullit Command Injection vulnerability High
GHSA-2w9p-xf5h-qwj3 was published for pullit (npm) Mar 27, 2023 withdrawn
redis-py Race Condition due to incomplete fix High
CVE-2023-28859 was published for redis (pip) Mar 26, 2023
artoj-iceye sreecharanguduri
Credited to artoj-iceye and sreecharanguduri
redis-py Race Condition vulnerability Moderate
CVE-2023-28858 was published for redis (pip) Mar 26, 2023
Interactive `run` permission prompt spoofing via improper ANSI neutralization High
CVE-2023-28446 was published for deno (Rust) Mar 24, 2023
tristan-f-r
Credited to tristan-f-r
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend Critical
CVE-2023-28444 was published for angular-server-side-configuration (npm) Mar 24, 2023
milo526
Credited to milo526
Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/ High
GHSA-cpmr-mw4j-99r7 was published for label-studio (pip) Mar 24, 2023
c3l3si4n farioas
Credited to c3l3si4n and farioas
`openssl` `X509NameBuilder::build` returned object is not thread safe Moderate
GHSA-3gxf-9r58-2ghg was published for openssl (Rust) Mar 24, 2023
`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read High
GHSA-9qwg-crg9-m2vc was published for openssl (Rust) Mar 24, 2023
`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference High
GHSA-6hcf-g6gr-hhcr was published for openssl (Rust) Mar 24, 2023
Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs Moderate
CVE-2023-1176 was published for mlflow (pip) Mar 24, 2023
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs Critical
CVE-2023-1177 was published for mlflow (pip) Mar 24, 2023
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses Moderate
CVE-2023-28448 was published for versionize (Rust) Mar 24, 2023
async-nats vulnerable to TLS certificate common name validation bypass Moderate
GHSA-f5v5-ccqc-6w36 was published for async-nats (Rust) Mar 24, 2023
TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch High
CVE-2023-25659 was published for tensorflow (pip) Mar 24, 2023
dengyinlin
Credited to dengyinlin
TensorFlow vulnerable to seg fault in `tf.raw_ops.Print` High
CVE-2023-25660 was published for tensorflow (pip) Mar 24, 2023
TensorFlow vulnerable to integer overflow in EditDistance High
CVE-2023-25662 was published for tensorflow (pip) Mar 24, 2023
TensorFlow has Null Pointer Error in TensorArrayConcatV2 High
CVE-2023-25663 was published for tensorflow (pip) Mar 24, 2023
TensorFlow has Heap-buffer-overflow in AvgPoolGrad High
CVE-2023-25664 was published for tensorflow (pip) Mar 24, 2023
TensorFlow has Null Pointer Error in SparseSparseMaximum High
CVE-2023-25665 was published for tensorflow (pip) Mar 24, 2023
TensorFlow has Floating Point Exception in AudioSpectrogram High
CVE-2023-25666 was published for tensorflow (pip) Mar 24, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database